USN-2883-1: OpenSSL vulnerability
28 January 2016
OpenSSL could be made to expose sensitive information over the network.
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Antonio Sanso discovered that OpenSSL reused the same private DH exponent
for the life of a server process when configured with a X9.42 style
parameter file. This could allow a remote attacker to possibly discover the
server's private DH exponent when being used with non-safe primes.