Debian Security Advisory

DLA-262-1 libcrypto++ -- LTS security update

Date Reported:
30 Jun 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-2141.
More information:

Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.