{"id":"MGASA-2018-0365","summary":"Updated openssl packages fix security vulnerabilities","details":"Updated openssl packages fix security vulnerabilities:\n\nDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a\nmalicious server can send a very large prime value to the client. This will\ncause the client to spend an unreasonably long period of time generating a\nkey for this prime resulting in a hang until the client has finished. This\ncould be exploited in a Denial Of Service attack (CVE-2018-0732).\n\nThe OpenSSL RSA Key generation algorithm has been shown to be vulnerable to\na cache timing side channel attack. An attacker with sufficient access to\nmount cache timing attacks during the RSA key generation process could\nrecover the private key (CVE-2018-0737).\n","modified":"2026-04-16T01:48:26.220669346Z","published":"2018-09-02T19:07:30Z","upstream":["CVE-2018-0732","CVE-2018-0737"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0365.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22934"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20180416.txt"},{"type":"WEB","url":"https://openwall.com/lists/oss-security/2018/04/16/3"},{"type":"WEB","url":"https://usn.ubuntu.com/3692-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3628-1/"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2p-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0365.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}