Debian Security Advisory
DLA-262-1 libcrypto++ -- LTS security update
- Date Reported:
- 30 Jun 2015
- Affected Packages:
- libcrypto++
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-2141.
- More information:
-
Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.