[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 262-1] libcrypto++ security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libcrypto++
Version        : 5.6.0-6+deb6u1
CVE ID         : CVE-2015-2141

Evgeny Sidorov discovered that libcrypto++, a general purpose C++
cryptographic library, did not properly implement blinding to mask
private key operations for the Rabin-Williams digital signature
algorithm. This could allow remote attackers to mount a timing attack
and retrieve the user's private key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVkwBaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHAgsQAKnAEIcKBa8AtGBx7FcOvr21
xrpzTYyeZEw+LpWFPLvKOPDfR/7bLCqn/6pzXdqW+8EGu+v1MWiMU9loMyG1LkV0
wbXI48GqNs+vAdUvFrSlDIxEW6YQTCVBRktdrFseQKtj4G2ekohKhJRTS3cD4kcY
8FS+4crNFKkicQHmZTQ+JP2L95G6Unt/Lo4tOgvkJrtn4TTBaAinxzGqImwuR0XU
S7abmRSuKl//8HNujxk1tZNupMtGnL3JAaYbd9vKq7WnoKKsBQq1kUX1fSZqYD4q
zpHsLN5ERWY2xgkGjRVnRAW1K86ofpPdpAABv2EHimmUCMODKtNpoWWhx5pwPVZy
b574IuusaljDMNfSONz1SK8W0A0wz4OrjPk/5Jxxv/fU52194Q7ij6fv4HYaHXUT
xBhmJ0oOgt/mx1TFlxRk3MwEEziW/4yU+sNCxFjSZleGTBJAvoeswDFvgKIuxMIn
8P6Pj5Og8HoLEd07BNFXFt57wR0WFwkY+kZKRC1Z9iPjDZPk0Tl/+GSw6dA336CQ
aZpeQr/vmnNrpRVlFvK2Yby/PC0aMZIGDQOe3XpRv5mZyc9gEfUFOqkAc5KqnF/G
KlUj2bUR6LIX+5vIqBRIJ4ihf/lwYpXkppzLT1G4N6RYy7qKAoMROPynNKanJHoT
ds1o1rE/xtOOtQ9fqXRC
=cdqu
-----END PGP SIGNATURE-----


Reply to: