CVE-2018-0734

NameCVE-2018-0734
DescriptionThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-4348-1, DSA-4355-1, ELA-331-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)jessie, jessie (lts)1.0.1t-1+deb8u22fixed
stretch (security)1.1.0l-1~deb9u6fixed
stretch (lts), stretch1.1.0l-1~deb9u10fixed
buster, buster (lts)1.1.1n-0+deb10u7fixed
buster (security)1.1.1n-0+deb10u6fixed
bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1w-0+deb11u2fixed
bookworm3.0.15-1~deb12u1fixed
bookworm (security)3.0.14-1~deb12u2fixed
sid, trixie3.3.2-2fixed
openssl1.0 (PTS)stretch (security)1.0.2u-1~deb9u7fixed
stretch (lts), stretch1.0.2u-1~deb9u10fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcewheezy(not affected)
opensslsourcejessie1.0.1t-1+deb8u13ELA-331-1
opensslsourcestretch1.1.0j-1~deb9u1DSA-4348-1
opensslsource(unstable)1.1.1a-1
openssl1.0sourcestretch1.0.2q-1~deb9u1DSA-4355-1
openssl1.0source(unstable)1.0.2q-1

Notes

[jessie] - openssl <postponed> (vulnerable code not present, but see note below)
https://www.openssl.org/news/secadv/20181030.txt
OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which
futher reduces the amount of leaked timing information. It got no CVE on its own and
introduced this vulnerability. In order to not forget this issue and probably get more
information about it later, it is marked as <postponed> instead of <not-affected>
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600
[wheezy] - openssl <not-affected> (vulnerable code not present)

Search for package or bug name: Reporting problems