CVE-2016-2178

CVE Details

Release Date:2016-05-23

Description


The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSLthrough 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

See more information about CVE-2016-2178 from MITRE CVE dictionary and NIST NVD


CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:1.9 Base Metrics:AV:L/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Local network Confidentiality Impact: Partial
Access Impact: Medium Integrity Impact: None
Authentication: None required Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 5 (openssl)ELSA-2016-36272016-10-13
Oracle Linux version 6 (openssl)ELSA-2016-19402016-09-27
Oracle Linux version 6 (openssl)ELSA-2016-36212016-09-27
Oracle Linux version 7 (openssl)ELSA-2016-19402016-09-27
Oracle Linux version 7 (openssl)ELSA-2016-36212016-09-27
Oracle VM version 3.2 (openssl)OVMSA-2016-01412016-10-13
Oracle VM version 3.3 (openssl)OVMSA-2016-01352016-09-27
Oracle VM version 3.4 (openssl)OVMSA-2016-01352016-09-27



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete