corretto / corretto-8-docker

Dockerfiles for Amazon Corretto 8
MIT No Attribution

ALAS2-2019-1153 security vulnerability #21

Closed piyshl-s closed 5 years ago

piyshl-s commented 5 years ago

Hi Team, we need the ALAS2-2019-1153 security vulnerability to be fixed, because the OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key (CVE-2018-0734).

jguo11 commented 5 years ago

@piyshl-s thanks for reporting this issue. We will investigate and get back to you soon.

iliana commented 5 years ago

Hi, I'm on the team that maintains the Amazon Linux base image. We haven't updated the base image to include this fix yet, but I'll do that soon. Thanks for the report.

davecurrie commented 5 years ago

Closing issue in favor of @ilianaw's PR. Thanks again @piyshl-s.