{"id":"MGASA-2018-0470","summary":"Updated openssl packages fix security vulnerabilities","details":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\ntiming side channel attack. An attacker could use variations in the\nsigning algorithm to recover the private key. Fixed in OpenSSL 1.1.1a\n(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed\nin OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734)\n\nSimultaneous Multi-threading (SMT) in processors can enable local users\nto exploit software vulnerable to timing attacks via a side-channel\ntiming attack on 'port contention'. (CVE-2018-5407\n","modified":"2026-04-16T01:47:20.656429227Z","published":"2018-11-27T15:26:11Z","upstream":["CVE-2018-0734","CVE-2018-5407"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0470.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23870"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20181030.txt"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20181112.txt"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2q-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0470.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}