MGASA-2018-0470

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2018-0734 CVE-2018-5407

Published: 27 Nov 2018, 15:26

Last modified:16 Apr 2026, 04:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Nov 2018, 15:26

Published

Vulnerability first disclosed

16 Apr 2026, 04:25

Last Modified

Vulnerability information updated

Description

Updated openssl packages fix security vulnerabilities The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. (CVE-2018-5407

Affected Systems

mageia•openssl
< 1.0.2q-1.mga6

MGASA-2018-0470

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)