http://bugzilla.opensuse.org/show_bug.cgi?id=1097779 Bug ID: 1097779 Summary: VUL-0: CVE-2018-12434: LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channelattack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problemor ROHNP. To discover a key, the attacker needs access to Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/208302/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: jengelh@inai.de Reporter: meissner@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2018-12434 LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12434 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt -- You are receiving this mail because: You are on the CC list for the bug.