View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2018-0734: 5 source package rows (nodejs, nodejs-current, openssl, openssl1.1-compat, openssl3); 32 state rows across 17 repos (3.10-main, 3.11-main, 3.12-main, 3.17-community, 3.17-main, 3.18-community, 3.18-main, 3.19-community, 3.19-main, 3.20-community, 3.20-main, 3.21-community, 3.21-main, 3.22-community, 3.22-main, edge-community, edge-main); fixed 32, open 0.
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).