Summary: | <dev-libs/openssl-{1.0.2o-r1,1.1.0h-r1}: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: | dev-libs/openssl-1.0.2o-r1 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-04-17 20:22:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30945a68d3d4c98433363ed73475b8233ac02118

commit 30945a68d3d4c98433363ed73475b8233ac02118
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-04-17 20:50:09 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-04-17 20:50:30 +0000

    dev-libs/openssl: Rev bump to add patch for CVE-2018-0737

    Bug: https://bugs.gentoo.org/653434
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-libs/openssl/Manifest | 1 +
 .../files/openssl-1.1.0h-CVE-2018-0737.patch | 31 +++
 dev-libs/openssl/openssl-1.0.2o-r1.ebuild | 251 ++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0h-r1.ebuild | 284 +++++++++++++++++++++
 4 files changed, 567 insertions(+)

This issue was resolved and addressed in GLSA 201811-21 at https://security.gentoo.org/glsa/201811-21 by GLSA coordinator Aaron Bauman (b-man).