CVE-2018-0735 (api_gateway, application_server, cloud_backup, cn1610_firmware, debian_linux, element_software, enterprise_manager_base_platform, enterprise_manager_ops_center, mysql, node.js, oncommand_unified_manager, openssl, peoplesoft_enterprise_peopletools, primavera_p6_enterprise_project_portfolio_management, santricity_smi-s_provider, secure_global_desktop, smi-s_provider, snapdrive, steelstore, tuxedo, ubuntu_linux, vm_virtualbox)

CVE-2018-0735 (api_gateway, application_server, cloud_backup, cn1610_firmware, debian_linux, element_software, enterprise_manager_base_platform, enterprise_manager_ops_center, mysql, node.js, oncommand_unified_manager, openssl, peoplesoft_enterprise_peopletools, primavera_p6_enterprise_project_portfolio_management, santricity_smi-s_provider, secure_global_desktop, smi-s_provider, snapdrive, steelstore, tuxedo, ubuntu_linux, vm_virtualbox)

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).Read More