Description
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Remediation
References