A flaw was found in OpenSSL versions from 1.1.0 through 1.1.0i inclusive, from 1.0.2 through 1.0.2p inclusive and version 1.1.1. The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key.

Reference:
https://www.openssl.org/news/secadv/20181030.txt

Upstream Patches:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
https://github.com/openssl/openssl/commit/b96bebacfe814deb99fb64a3ed2296d95c573600
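The affected upstream ranges from the flaw description above, turned into a version check (an added example, not part of the original bug report or of OpenSSL). The names `parse_version` and `classify` are hypothetical and the sample inputs are constructed. The check compares upstream version strings only: distribution builds backport fixes without changing the upstream version, so for those the errata listed in this bug are authoritative.

```python
import re

# Affected upstream ranges, inclusive, exactly as stated in the flaw description.
AFFECTED_RANGES = [("1.1.0", "1.1.0i"), ("1.0.2", "1.0.2p"), ("1.1.1", "1.1.1")]

# Pre-3.0 OpenSSL version: MAJOR.MINOR.FIX, an optional patch letter ("1.0.2p",
# wrapping to "za", "zb" after "z"), and an optional build tag ("-fips", "-pre9").
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:z[a-z]|[a-z])?)(-[0-9A-Za-z]+)?")


def parse_version(text):
    """Return ((major, minor, fix, patch_rank), tag) from a version or banner string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    numbers = tuple(int(m.group(i)) for i in (1, 2, 3))
    # "" -> 0, "a" -> 1 ... "z" -> 26, "za" -> 27, so tuples compare in release order.
    rank = sum(ord(c) - ord("a") + 1 for c in m.group(4))
    return numbers + (rank,), m.group(5) or ""


def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for an upstream version string."""
    key, tag = parse_version(text)
    if tag.startswith(("-pre", "-beta", "-dev")):
        return "unknown"  # pre-releases are not covered by the stated ranges
    for low, high in AFFECTED_RANGES:
        if parse_version(low)[0] <= key <= parse_version(high)[0]:
            return "affected"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample inputs: bare versions and `openssl version` style banners.
    for sample in ("1.1.0i", "1.1.0j", "1.0.2p", "1.0.2q", "1.1.1", "1.1.1a",
                   "OpenSSL 1.0.2k-fips  26 Jan 2017", "1.1.1-pre9"):
        print(f"{sample!r:40} {classify(sample)}")
```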
Created mingw-openssl tracking bugs for this issue:
Affects: epel-7 [bug 1644370]
Affects: fedora-all [bug 1644368]

Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1644366]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:2304
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-0734
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3700

This issue has been addressed in the following products:
  Red Hat JBoss Core Services
Via RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935

This issue has been addressed in the following products:
  JBoss Core Services on RHEL 7
Via RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933

This issue has been addressed in the following products:
  JBoss Core Services on RHEL 6
Via RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932