- Home
- CVEs with nessus.description==This update for compat-openssl098 fixes the following security
issues :
- CVE-2018-0732: During key agreement in a TLS handshake
using a DH(E) based ciphersuite a malicious server could
have sent a very large prime value to the client. This
caused the client to spend an unreasonably long period
of time generating a key for this prime resulting in a
hang until the client has finished. This could be
exploited in a Denial Of Service attack (bsc#1097158)
- Blinding enhancements for ECDSA and DSA (bsc#1097624,
bsc#1098592)
- CVE-2018-0737: The RSA Key generation algorithm has been
shown to be vulnerable to a cache timing side channel
attack. An attacker with sufficient access to mount
cache timing attacks during the RSA key generation
process could have recovered the private key
(bsc#1089039)
- CVE-2018-0739: Constructed ASN.1 types with a recursive
definition (such as can be found in PKCS7) could
eventually exceed the stack given malicious input with
excessive recursion. This could have resulted in DoS
(bsc#1087102).
This update was imported from the SUSE:SLE-12:Update update project.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top