diff options
author | Matt Caswell <matt@openssl.org> | 2018-11-20 10:52:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-11-20 11:57:17 +0000 |
commit | 548cce63dd401b89e26d049152e3f9465f82720f (patch) | |
tree | f3c5bb0ecbe0bed0b5f089c54cffe640fcc08ae1 | |
parent | d88ff8962c2fd86aeb7ca7297ca9526d0916787e (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7667)
-rw-r--r-- | CHANGES | 10 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 12 insertions, 1 deletions
@@ -22,6 +22,16 @@ (CVE-2018-5407) [Billy Brumley] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module, accidentally introduced while backporting security fixes from the development branch and hindering the use of ECC in FIPS mode. @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [under development] - o + o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) + o Timing vulnerability in DSA signature generation (CVE-2018-0734) Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] |