César Pereida

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.2h and earlier **Description** The issue is related to the `dsa sign setup` function in OpenSSL, which does not ensure the use of constant-time operations. This makes it easier for local users to discover a DSA private key via a timing side-channel attack. The vulnerability can allow an attacker to recover the DSA private key under certain conditions, potentially affecting SSH servers that use DSA keys. **Recommendations** For OpenSSL versions 1.0.2h and earlier, consider upgrading to a version that addresses this issue, as the current version does not properly ensure the use of constant-time operations, making it vulnerable to timing side-channel attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.