Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2016-2178
Description:The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Test IDs: 1.3.6.1.4.1.25623.1.1.4.2017.2699.1   1.3.6.1.4.1.25623.1.1.4.2017.2700.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-2178
BugTraq ID: 91081
http://www.securityfocus.com/bid/91081
FreeBSD Security Advisory: FreeBSD-SA-16:26
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
https://security.gentoo.org/glsa/201612-16
http://eprint.iacr.org/2016/594.pdf
http://www.openwall.com/lists/oss-security/2016/06/08/2
http://www.openwall.com/lists/oss-security/2016/06/09/8
RedHat Security Advisories: RHSA-2016:1940
http://rhn.redhat.com/errata/RHSA-2016-1940.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0193
RedHat Security Advisories: RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:0194
RedHat Security Advisories: RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://www.securitytracker.com/id/1036054
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html




© 1998-2024 E-Soft Inc. All rights reserved.