FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Cache timing vulnerability

Affected packages
openssl < 1.0.2o_2,1
openssl-devel < 1.1.0h_1

Details

VuXML ID 8f353420-4197-11e8-8777-b499baebfeaf
Discovery 2018-04-16
Entry 2018-04-16

The OpenSSL project reports:

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

References

CVE Name CVE-2018-0737
URL https://www.openssl.org/news/secadv/20180416.txt