You are here

Home › OpenSSL Vulnerabilities Fixed in Version 1.0.2q

OpenSSL Vulnerabilities Fixed in Version 1.0.2q

Submitted on 22. November 2018 - 16:30 by rischi.
Last update on 22. November 2018 - 18:01.
IDs: 
CVE-2018-5407, CVE-2018-0734
Keywords: 
ECC, DSA
Description: 

OpenSSL 1.0.2q fixes two vulnerabilities [1]

Airlock WAF is not affected

Details

  • CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication. The criticality for Airlock WAF is negligible because of the difficulty to mount the timing side channel in realistic deployment scenarios for Airlock WAF.
  • CVE-2018-0734: see [2]
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock
Reference: 
[1] OpenSSL 1.0.2 Series Release Notes
[2] TZ article: OpenSSL Vulnerability related to OpenSSL Security Advisory 30 October 2018
© Ergon Informatik AG