vulnerability
Oracle Linux: CVE-2018-0737: ELSA-2018-3221: openssl security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:H/Au:S/C:P/I:P/A:N) | 2018-04-16 | 2018-10-13 | 2025-01-23 |
Severity
2
CVSS
(AV:L/AC:H/Au:S/C:P/I:P/A:N)
Published
2018-04-16
Added
2018-10-13
Modified
2025-01-23
Description
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.
Solution(s)
oracle-linux-upgrade-openssloracle-linux-upgrade-openssl-develoracle-linux-upgrade-openssl-libsoracle-linux-upgrade-openssl-perloracle-linux-upgrade-openssl-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.