OpenSSL Security Advisory [30 October 2018]
===========================================

Timing vulnerability in DSA signature generation (CVE-2018-0734)
================================================================

Severity: Low

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.

Due to the low severity of this issue we are not issuing a new release
of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included
in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become
available. The fix is also available in commit 8abfe72e8c (for 1.1.1),
ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL
git repository.

This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.

As a result of the changes made to mitigate this vulnerability, a new
side channel attack was created.  The mitigation for this new vulnerability
can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0)
and 880d1c76ed (for 1.0.2)

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20181030.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html