OpenSSL Security Advisory [12 November 2018]
============================================

Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
===================================================================================

Severity: Low

OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown
to be vulnerable to a microarchitecture timing side channel attack. An attacker
with sufficient access to mount local timing attacks during ECDSA signature
generation could recover the private key.

This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest
version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low
severity of this issue we are not creating a new release at this time. The 1.0.2
mitigation for this issue can be found in commit b18162a7c.

OpenSSL 1.1.0 users should upgrade to 1.1.0i.

This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.

Note
====

OpenSSL 1.1.0 is currently only receiving security updates. Support for this
version will end on 11th September 2019. Users of this version should upgrade to
OpenSSL 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20181112.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html