[Buildroot] [PATCH] libopenssl: security bump to version 1.0.2q
Peter Korsgaard
peter at korsgaard.com
Mon Dec 3 22:03:44 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerabilities:
>
> *) Microarchitecture timing vulnerability in ECC scalar multiplication
>
> OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
> shown to be vulnerable to a microarchitecture timing side channel attack.
> An attacker with sufficient access to mount local timing attacks during
> ECDSA signature generation could recover the private key.
>
> This issue was reported to OpenSSL on 26th October 2018 by Alejandro
> Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
> Nicola Tuveri.
> (CVE-2018-5407)
> [Billy Brumley]
>
> *) Timing vulnerability in DSA signature generation
>
> The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
> timing side channel attack. An attacker could use variations in the signing
> algorithm to recover the private key.
>
> This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
> (CVE-2018-0734)
> [Paul Dale]
>
> For more information, see the changelog:
> https://www.openssl.org/news/cl102.txt
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard