FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
238ae7de-dba2-11e8-b713-b499baebfeafOpenSSL -- Multiple vulnerabilities in 1.1 branch

The OpenSSL project reports:

Timing vulnerability in ECDSA signature generation (CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key (Low).

Timing vulnerability in DSA signature generation (CVE-2018-0734): Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack (Low).


Discovery 2018-10-29
Entry 2018-10-29
Modified 2018-11-10
openssl-devel
< 1.1.0i_1

openssl111
< 1.1.1_2

libressl
ge 2.8.0 lt 2.8.3

libressl-devel
ge 2.8.0 lt 2.8.3

https://www.openssl.org/news/secadv/20181029.txt
https://github.com/openssl/openssl/commit/8abfe72e
CVE-2018-0735
CVE-2018-0734