Debian Security Advisory 3296-1

Debian Security Advisory 3296-1: Posted Jun 29, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.; tags | advisory, remote; systems | linux, debian; advisories | CVE-2015-2141; SHA-256 | 4707bd24eba3fb745274e22475d0cd9ef7b5c266fc91bff5bcd81208fc794025; Download | Favorite | View

Debian Security Advisory 3296-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3296-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
June 29, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libcrypto++
CVE ID         : CVE-2015-2141

Evgeny Sidorov discovered that libcrypto++, a general purpose C++
cryptographic library, did not properly implement blinding to mask
private key operations for the Rabin-Williams digital signature
algorithm. This could allow remote attackers to mount a timing attack
and retrieve the user's private key.

For the oldstable distribution (wheezy), this problem has been fixed
in version 5.6.1-6+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 5.6.1-6+deb8u1.

For the testing distribution (stretch), this problem will be fixed
in version 5.6.1-7.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.1-7.

We recommend that you upgrade your libcrypto++ packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVkQXjAAoJEK+lG9bN5XPLGCoP/jlLKGCEKcVIyNFSzNQ3r/K2
j9pYi/aRG8XtKXawti8cG33nhXbjlqKf96kGPHx7Deu9CBiDm5prscfGqUGfc6ru
vQhdkamghhI8OsLKeitqHXPFNDleFXa3UlwomBNIqUXzQyREDidQJKZhhg1RS5dY
sovbJtUwm0H7F98+u1tEE3tyQQC8VcX3xXncXgVMV4HcVcOj+4tEl64PljUSeGzW
Hz2FqQLqk4t7ckT31vlKtVQivAvPiDVu0EazTAnnQkm0FEQCScVCdQz744Ox5RzO
P/nuYuK2n5QuI9/0LbnCniEY1wqIKvkXh00lrG00QKbtWpdw891nc7FoMeO6qfLe
jVYiJjfV5/tJwFYGr5Dd9ShPXQUR7UnIPh3rgAIYWhYkYE0KHhUBZXcVElSOwCOR
ZXuZ9F6I9cXX8NLRBULfXXasPNLi+gYMYcGbF9y1dDaYXH+sskuRXWh1tat2PvuO
6e4u49UyiVvd5GnUWv5IIJJcrCoCayewRsHBsddeagtgtXCA+LRLg9uylm1HELNL
rjG+yZcoMRmojyCiEHN5xJekjkK0P82moURBTKq1cnL6eb3GhGB95VJ4UKqg/RNS
iGnxrfijoK5ZN7m8qylvoVQExQ8q1nOKSJT1lcpvFAVyFh4RVcjuMALsVIOgVURC
Xg0YheXBZs4lRtCcKLtl
=NhFp
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 213 files
Ubuntu 90 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Debian Security Advisory 3296-1

Debian Security Advisory 3296-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3296-1

Share This

Debian Security Advisory 3296-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems