MDVSA-2011:136 -- Mandriva opensslID: oval:org.secpod.oval:def:301080 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in openssl: The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2009.0 |