Support Content Notification - Support Portal

BSA-2018-737

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21485

Last Updated

20 September 2019

Initial Publication Date

30 October 2018

Status

Closed

Severity

Medium

CVSS Base Score

5.1

WorkAround

Affected CVE

CVE-2018-0734

Summary

Security Advisory ID : BSA-2018-737

Component : OpenSSL

Revision : 2.0: Final

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).

Affected Products
Security updates have been provided in Brocade Fabric OS versions 8.2.2,8.2.1c,8.1.2h and Ficon Patches 8.1.2a7 8.2.0a4. This CVE is not applicable for 7.4.x versions.

Products Confirmed Not Vulnerable
Brocade Manageability Products are Not affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	October 30, 2018
2.0	Updated with all releases	September 20, 2019