Debian Security Advisory
DLA-262-1 libcrypto++ -- LTS security update
- Date Reported:
- 30 Jun 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-2141.
- More information:
Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.