Support Content Notification - Support Portal

BSA-2018-636

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21484

Last Updated

20 September 2019

Initial Publication Date

02 July 2018

Status

Closed

Severity

Medium

CVSS Base Score

5.9

WorkAround

Affected CVE

CVE-2018-0737

Summary

Security Advisory ID : BSA-2018-636

Component : OpenSSL

Revision : 2.0: Final

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Affected Products
Security updates have been provided in Brocade Fabric OS versions 8.2.2,8.2.1c,8.1.2h and Ficon Patches 8.1.2a7 8.2.0a4. This CVE is not applicable for 7.4.x versions.

Products Confirmed Not Vulnerable
Brocade Manageability Products are Not affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	July 2, 2018
2.0	Updated with all releases	September 20, 2019