Amazon Linux AMI : openssl (ALAS-2018-1000)
Medium Nessus Plugin ID 109182
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionRSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys :
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737)
SolutionRun 'yum update openssl' to update your system.