<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.EmailStyle18
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p><span style='font-family:"Calibri",sans-serif'>Timing vulnerability in DSA signature generation (CVE-2018-0734)</span> <br><span style='font-family:"Calibri",sans-serif'>================================================================</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>Severity: Low</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>The OpenSSL DSA signature algorithm has been shown to be vulnerable to a</span> <br><span style='font-family:"Calibri",sans-serif'>timing side channel attack. An attacker could use variations in the signing</span> <br><span style='font-family:"Calibri",sans-serif'>algorithm to recover the private key.</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>Due to the low severity of this issue we are not issuing a new release</span> <br><span style='font-family:"Calibri",sans-serif'>of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included</span> <br><span style='font-family:"Calibri",sans-serif'>in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become</span> <br><span style='font-family:"Calibri",sans-serif'>available. 
The fix is also available in commit 8abfe72e8c (for 1.1.1),</span> <br><span style='font-family:"Calibri",sans-serif'>ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL</span> <br><span style='font-family:"Calibri",sans-serif'>git repository.</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>References</span> <br><span style='font-family:"Calibri",sans-serif'>==========</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>URL for this Security Advisory:</span> <br><span style='font-family:"Calibri",sans-serif'><a href="https://www.openssl.org/news/secadv/20181030.txt">https://www.openssl.org/news/secadv/20181030.txt</a></span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>Note: the online version of the advisory may be updated with additional details</span> <br><span style='font-family:"Calibri",sans-serif'>over time.</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>For details of OpenSSL severity classifications please see:</span> <br><span style='font-family:"Calibri",sans-serif'><a href="https://www.openssl.org/policies/secpolicy.html">https://www.openssl.org/policies/secpolicy.html</a> </span><br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'> </span> <br><span style='font-family:"Calibri",sans-serif'>Pauli</span> <br><span style='font-family:"Calibri",sans-serif'>-- </span><br><span 
style='font-family:"Calibri",sans-serif'>Oracle</span> <br><span style='font-family:"Calibri",sans-serif'>Dr Paul Dale | Cryptographer | Network Security & Encryption </span><br><span style='font-family:"Calibri",sans-serif'>Phone +61 7 3031 7217</span> <br><span style='font-family:"Calibri",sans-serif'>Oracle Australia</span> <br><span style='font-family:"Calibri",sans-serif'> </span> <o:p></o:p></p></div></body></html>