FreeBSD : OpenSSL -- vulnerability in DSA signing (6f0529e2-2e82-11e6-b2ec-b499baebfeaf)
Low Nessus Plugin ID 91553
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe OpenSSL team reports :
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
SolutionUpdate the affected packages.