Synopsis: Moderate: openssl security, bug fix, and enhancement Advisory ID: SLSA-2018:3221-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 CVE-2017-3735 CVE-2018-0737 CVE-2018-0732 CVE-2018-0495 -- Security Fix(es): * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) -- SL7 x86_64 openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm - Scientific Linux Development Team