FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)
High Nessus Plugin ID 118496
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The OpenSSL project reports:
Timing vulnerability in ECDSA signature generation (CVE-2018-0735):
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key (Low).
Timing vulnerability in DSA signature generation (CVE-2018-0734):
Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack (Low).
Solution
Update the affected packages.