rhsa-2019_3700
Vulnerability from csaf_redhat
Published
2019-11-05 22:28
Modified
2024-11-05 21:33
Summary
Red Hat Security Advisory: openssl security, bug fix, and enhancement update

Notes

Topic
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026) Security Fix(es): * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735) * openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for openssl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThe following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026)\n\nSecurity Fix(es):\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\n* openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735)\n\n* openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3700",
        "url": "https://access.redhat.com/errata/RHSA-2019:3700"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
      },
      {
        "category": "external",
        "summary": "1644356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644356"
      },
      {
        "category": "external",
        "summary": "1644364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
      },
      {
        "category": "external",
        "summary": "1668880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668880"
      },
      {
        "category": "external",
        "summary": "1686058",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686058"
      },
      {
        "category": "external",
        "summary": "1686548",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686548"
      },
      {
        "category": "external",
        "summary": "1695954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695954"
      },
      {
        "category": "external",
        "summary": "1697915",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1697915"
      },
      {
        "category": "external",
        "summary": "1706104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706104"
      },
      {
        "category": "external",
        "summary": "1706915",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706915"
      },
      {
        "category": "external",
        "summary": "1712023",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712023"
      },
      {
        "category": "external",
        "summary": "1714245",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714245"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3700.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-05T21:33:56+00:00",
      "generator": {
        "date": "2024-11-05T21:33:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2019:3700",
      "initial_release_date": "2019-11-05T22:28:48+00:00",
      "revision_history": [
        {
          "date": "2019-11-05T22:28:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-11-05T22:28:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T21:33:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-libs-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-libs-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-perl-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-perl-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-devel-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-devel-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debugsource-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-debugsource-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-debugsource-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
                "product": {
                  "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
                  "product_id": "openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1c-2.el8?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-libs-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-libs-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-perl-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-perl-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-devel-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-devel-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debugsource-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-debugsource-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-debugsource-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
                "product": {
                  "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
                  "product_id": "openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1c-2.el8?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.1.1c-2.el8.i686",
                "product": {
                  "name": "openssl-libs-1:1.1.1c-2.el8.i686",
                  "product_id": "openssl-libs-1:1.1.1c-2.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.1.1c-2.el8?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.1.1c-2.el8.i686",
                "product": {
                  "name": "openssl-debuginfo-1:1.1.1c-2.el8.i686",
                  "product_id": "openssl-debuginfo-1:1.1.1c-2.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1c-2.el8?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.1.1c-2.el8.i686",
                "product": {
                  "name": "openssl-devel-1:1.1.1c-2.el8.i686",
                  "product_id": "openssl-devel-1:1.1.1c-2.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.1.1c-2.el8?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debugsource-1:1.1.1c-2.el8.i686",
                "product": {
                  "name": "openssl-debugsource-1:1.1.1c-2.el8.i686",
                  "product_id": "openssl-debugsource-1:1.1.1c-2.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1c-2.el8?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
                "product": {
                  "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
                  "product_id": "openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1c-2.el8?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-libs-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-libs-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-debuginfo-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-debuginfo-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-perl-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-perl-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-devel-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-devel-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debugsource-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-debugsource-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-debugsource-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
                "product": {
                  "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
                  "product_id": "openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1c-2.el8?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-libs-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-libs-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-perl-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-perl-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-devel-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-devel-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
                "product": {
                  "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
                  "product_id": "openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1c-2.el8?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-1:1.1.1c-2.el8.src",
                "product": {
                  "name": "openssl-1:1.1.1c-2.el8.src",
                  "product_id": "openssl-1:1.1.1c-2.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.1.1c-2.el8?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.1.1c-2.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src"
        },
        "product_reference": "openssl-1:1.1.1c-2.el8.src",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.1.1c-2.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.1.1c-2.el8.i686",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debugsource-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-debugsource-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debugsource-1:1.1.1c-2.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686"
        },
        "product_reference": "openssl-debugsource-1:1.1.1c-2.el8.i686",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debugsource-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debugsource-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-debugsource-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debugsource-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-debugsource-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-devel-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.1.1c-2.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686"
        },
        "product_reference": "openssl-devel-1:1.1.1c-2.el8.i686",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-devel-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-devel-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-libs-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.1.1c-2.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686"
        },
        "product_reference": "openssl-libs-1:1.1.1c-2.el8.i686",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-libs-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-libs-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686"
        },
        "product_reference": "openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.1.1c-2.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64"
        },
        "product_reference": "openssl-perl-1:1.1.1c-2.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.1.1c-2.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.1.1c-2.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.1.1c-2.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x"
        },
        "product_reference": "openssl-perl-1:1.1.1c-2.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.1.1c-2.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
        },
        "product_reference": "openssl-perl-1:1.1.1c-2.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0734",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the DSA signature algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2019-11-05T22:28:48+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
          "product_ids": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the DSA signature algorithm"
    },
    {
      "cve": "CVE-2018-0735",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the ECDSA signature generation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0735"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0735"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
        }
      ],
      "release_date": "2018-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2019-11-05T22:28:48+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
          "product_ids": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the ECDSA signature generation"
    },
    {
      "cve": "CVE-2019-1543",
      "cwe": {
        "id": "CWE-323",
        "name": "Reusing a Nonce, Key Pair in Encryption"
      },
      "discovery_date": "2019-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695954"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: ChaCha20-Poly1305 with long nonces",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
          "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
          "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695954",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695954"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543"
        }
      ],
      "release_date": "2019-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2019-11-05T22:28:48+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
          "product_ids": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.src",
            "BaseOS-8.1.0:openssl-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-debugsource-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-devel-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.i686",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-libs-debuginfo-1:1.1.1c-2.el8.x86_64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.aarch64",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.ppc64le",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.s390x",
            "BaseOS-8.1.0:openssl-perl-1:1.1.1c-2.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: ChaCha20-Poly1305 with long nonces"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.