F5 Networks BIG-IP : OpenSSL vulnerability (K53084033)
Low Nessus Plugin ID 100704
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. (CVE-2016-2178)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K53084033.