A flaw was found in OpenSSL versions from 1.1.0 through 1.1.0i inclusive and version 1.1.1. The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key.
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1644357]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3700
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):