OpenSSL 1.0.2: CVE-2018-0735

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and 1.1.1 are affected by CVE-2018-0735. 
Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE?

Thank you,

-- misaki

[1] https://www.openssl.org/news/vulnerabilities.html

CVE-2018-0735 (OpenSSL advisory) [Low severity] 29 October 2018:
    The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Reported by Samuel Weiser. 

        Fixed in OpenSSL 1.1.1a-dev (git commit) (Affected 1.1.1)
        Fixed in OpenSSL 1.1.0j-dev (git commit) (Affected 1.1.0-1.1.0i)

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux