The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
|Base Score:||5.9||Base Metrics:||AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N|
|Access Vector:||Network||Attack Complexity:||High|
|Privileges Required:||None||User Interaction:||None|
|Integrity Impact:||None||Availability Impact:||None|
|Oracle Linux version 6 (openssl)||ELSA-2018-4248||2018-10-12|
|Oracle Linux version 7 (openssl)||ELSA-2018-3221||2018-11-05|
|Oracle Linux version 7 (openssl)||ELSA-2018-4249||2018-10-12|
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team