exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2018-0737

Status Candidate

Overview

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Related Files

Red Hat Security Advisory 2019-3935-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3935-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | 38d04c60a0844680fb8dbf1f69783df06839251f87cb4f8f1f68b024aae0c58d
Red Hat Security Advisory 2019-3932-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3932-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | f949d1cc276a7bf012b0e797c6862801bf97e2c5aaac95a796e59d77b371fb59
Red Hat Security Advisory 2019-3933-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3933-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | dac80e1c3458729338d3267cf431efdab4daa1ca2b791a55f1f323f8a84c4bb4
Debian Security Advisory 4355-1
Posted Dec 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4355-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2018-0732, CVE-2018-0734, CVE-2018-0737, CVE-2018-5407
SHA-256 | b913df49694577978d9065ec818547f4d3d6619f2cbbc393194fc7e2ac40992a
Debian Security Advisory 4348-1
Posted Dec 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2018-0732, CVE-2018-0734, CVE-2018-0735, CVE-2018-0737, CVE-2018-5407
SHA-256 | 984666d462c32381f4c81ceeb80d94d68254862db64e2525c9fc37e73b61fd81
Gentoo Linux Security Advisory 201811-21
Posted Nov 29, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-0733, CVE-2018-0737, CVE-2018-0739
SHA-256 | c1d2c4c1f169d7444a8ec783ed15c7533f43aef45a89c4f6cbccef76230c09e9
Red Hat Security Advisory 2018-3505-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456
SHA-256 | 5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49
Red Hat Security Advisory 2018-3221-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3221-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739
SHA-256 | f834291e7efc55a6d4018d8ba12fd62c80f36b5a912355996aca5eab461c7cff
OpenSSL Toolkit 1.1.0i
Posted Aug 17, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed a client denial of service due to a large DH parameter addressed. Cache timing vulnerability fixed. Various other updates and fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0732, CVE-2018-0737
SHA-256 | ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99
Slackware Security Advisory - openssl Updates
Posted Aug 14, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-0732, CVE-2018-0737
SHA-256 | 6e711887d2814ee045ff01a89ca03e6b1ae678c324141c1fa0b6f5d63c441183
Ubuntu Security Notice USN-3692-1
Posted Jun 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
SHA-256 | 64a55400d3928d560eed60fa189b3f16e104aacf734c115775b42e7ec6f162c5
Ubuntu Security Notice USN-3692-2
Posted Jun 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-0737, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
SHA-256 | c9a4413cce1293192cef94ae1323f4ac3f80a693b84d4dd16582f330058c726d
Ubuntu Security Notice USN-3628-2
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-2 - USN-3628-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
SHA-256 | b97eef64acda8f70ac874f053e082d5142efeacf22be47d9cfa82d52b78aea64
Ubuntu Security Notice USN-3628-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-1 - Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
SHA-256 | 2b906fe54f8dc8733e2e48459df788f7e92245ff6eede0444543bfe996334f6d
OpenSSL Security Advisory 20180416
Posted Apr 16, 2018
Site openssl.org

OpenSSL Security Advisory 20180416 - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

tags | advisory
advisories | CVE-2018-0737
SHA-256 | 581c7fa15f265616cc367ae71f6de43d4bb9e454c88eb4259b677109a01c9944
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close