Description
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1914)
WordPress Plugin Backup & Restore Dropbox Multiple Vulnerabilities (1.4.7.5)
MySQL CVE-2016-0504 Vulnerability (CVE-2016-0504)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Request Forgery (1.22.24)
WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2)