ALAS2-2019-1153 security vulnerability
piyshl-s opened this issue · 3 comments
piyshl-s commented
Hi Team,
we need ALAS2-2019-1153 security vulnerability to be fixed.
Because OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734 )
jguo11 commented
@piyshl-s thanks for reporting this issue. We will investigate and get back to you soon.
iliana commented
Hi, I'm on the team that maintains the Amazon Linux base image. We haven't updated the base image to include this fix yet, but I'll do that soon. Thanks for the report.
davecurrie commented