2018-10-30 13:29:00 2020-08-24 19:37:00

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Oracle Tuxedo 12.1.1.0.0 * * * (not an official CPE) Oracle Primavera p6 professional project management 18.8 * * * (not an official CPE) Oracle Primavera p6 professional project management * * * * (not an official CPE) Oracle Primavera p6 professional project management 16.2 * * * (not an official CPE) Oracle Primavera p6 professional project management 16.1 * * * (not an official CPE) Oracle Primavera p6 professional project management 15.2 * * * (not an official CPE) Oracle Primavera p6 professional project management 15.1 * * * (not an official CPE) Oracle Primavera p6 professional project management 8.4 * * * (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.57 * * * (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.56 * * * (not an official CPE) Oracle Peoplesoft enterprise peopletools 8.55 * * * (not an official CPE) Oracle Mysql enterprise backup * * * * (not an official CPE) Oracle Mysql enterprise backup * * * * (not an official CPE) Oracle Enterprise manager ops center 12.3.3 * * * (not an official CPE) Oracle Enterprise manager base platform 13.3.0.0.0 * * * (not an official CPE) Oracle Enterprise manager base platform 13.2.0.0.0 * * * (not an official CPE) Oracle Enterprise manager base platform 12.1.0.5.0 * * * (not an official CPE) Oracle E-business suite technology stack 1.0.1 * * * (not an official CPE) Oracle E-business suite technology stack 1.0.0 * * * (not an official CPE) Oracle E-business suite technology stack 0.9.8 * * * (not an official CPE) Oracle Api gateway 11.1.2.4.0 * * * (not an official CPE) Netapp Storage automation store - * * * (not an official CPE) Netapp Steelstore - * * * (not an official CPE) Netapp Snapcenter - * * * (not an official CPE) Netapp Santricity smi-s provider - * * * (not an official CPE) Netapp Oncommand unified manager * * * * (not an official CPE) Netapp Cloud backup - * * * (not an official CPE) Nodejs Node.js * * * * (not an official CPE) Nodejs Node.js * * * * (not an official CPE) Nodejs Node.js * * * * (not an official CPE) Nodejs Node.js * * * * (not an official CPE) Openssl Openssl 1.1.1 * * * (not an official CPE) Openssl Openssl * * * * (not an official CPE) Openssl Openssl * * * * (not an official CPE)
Advisory Patch Confirmed Link
https://lists.fedoraproject.org/archives/list/package-an...
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdi...
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdi...
https://lists.fedoraproject.org/archives/list/package-an...
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdi...
https://access.redhat.com/errata/RHSA-2019:3935
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3700
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:2304
http://www.securityfocus.com/bid/105758
http://lists.opensuse.org/opensuse-security-announce/201...
http://lists.opensuse.org/opensuse-security-announce/201...
https://lists.fedoraproject.org/archives/list/package-an...
https://nodejs.org/en/blog/vulnerability/november-2018-s...
https://security.netapp.com/advisory/ntap-20181105-0002/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://security.netapp.com/advisory/ntap-20190423-0002/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20181030.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17