Name | CVE-2018-0734 |
Description | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-4348-1, DSA-4355-1, ELA-331-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
openssl (PTS) | jessie, jessie (lts) | 1.0.1t-1+deb8u22 | fixed |
| stretch (security) | 1.1.0l-1~deb9u6 | fixed |
| stretch (lts), stretch | 1.1.0l-1~deb9u10 | fixed |
| buster, buster (lts) | 1.1.1n-0+deb10u7 | fixed |
| buster (security) | 1.1.1n-0+deb10u6 | fixed |
| bullseye | 1.1.1w-0+deb11u1 | fixed |
| bullseye (security) | 1.1.1w-0+deb11u2 | fixed |
| bookworm | 3.0.15-1~deb12u1 | fixed |
| bookworm (security) | 3.0.14-1~deb12u2 | fixed |
| sid, trixie | 3.3.2-2 | fixed |
openssl1.0 (PTS) | stretch (security) | 1.0.2u-1~deb9u7 | fixed |
| stretch (lts), stretch | 1.0.2u-1~deb9u10 | fixed |
The information below is based on the following data on fixed versions.
Notes
[jessie] - openssl <postponed> (vulnerable code not present, but see note below)
https://www.openssl.org/news/secadv/20181030.txt
OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which
futher reduces the amount of leaked timing information. It got no CVE on its own and
introduced this vulnerability. In order to not forget this issue and probably get more
information about it later, it is marked as <postponed> instead of <not-affected>
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600
[wheezy] - openssl <not-affected> (vulnerable code not present)