
Arch Linux: ASA-201507-20 Medium: Private Key Recovery Timing Attack

The package crypto++ before version 5.6.2-3 is vulnerable to private key recovery via a timing side-channel attack.
Arch Linux Security Advisory ASA-201507-20
=========================================
Severity: Medium
Date    : 2015-07-24
CVE-ID  : CVE-2015-2141
Package : crypto++
Type    : private key recovery
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package crypto++ before version 5.6.2-3 is vulnerable to private key
recovery via a timing side-channel attack.

Resolution
=========
Upgrade to 5.6.2-3.

# pacman -Syu "crypto++>=5.6.2-3"

The problem has been fixed upstream, but no upstream release containing the fix is available yet; the 5.6.2-3 package carries the fix.
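Whether a host still carries the vulnerable package has to be decided with pacman's version ordering, not a string comparison (5.6.2-10 is newer than 5.6.2-3, and an epoch such as 1:5.6.1-1 outranks both). The following is an added example for this advisory, not code from Arch Linux or the crypto++ project: it reimplements the ordering of pacman's vercmp(8) (epoch, then pkgver, then pkgrel, each compared segment by segment) in Python so that it runs offline, and applies it to a constructed `pacman -Q` listing; the sample lines are made up for the example. On a real Arch host, `pacman -Q crypto++` and `vercmp` give the same answer.

```python
"""Check an installed crypto++ version against the fix in ASA-201507-20.

Added example, not part of the advisory or of crypto++.  Reimplements the
ordering of pacman's vercmp(8) so the check can run where pacman is absent.
"""

FIXED_VERSION = "5.6.2-3"   # from the Resolution section of ASA-201507-20

# Constructed sample of `pacman -Q` output (not captured from a real host).
SAMPLE_PACMAN_Q = """\
crypto++ 5.6.2-2
curl 7.43.0-1
libgcrypt 1.6.3-2
"""


def _rpmvercmp(a, b):
    """Return -1, 0 or 1 like pacman's rpmvercmp(): walk both strings in
    alternating all-numeric / all-alphabetic segments, ignoring separators."""
    if a == b:
        return 0
    i = j = 0                      # end of the last compared segment
    while i < len(a) or j < len(b):
        ii, jj = i, j              # skip separator characters
        while ii < len(a) and not a[ii].isalnum():
            ii += 1
        while jj < len(b) and not b[jj].isalnum():
            jj += 1
        if ii >= len(a) or jj >= len(b):
            break
        if ii - i != jj - j:       # different separator lengths decide
            return -1 if ii - i < jj - j else 1
        isnum = a[ii].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        i2, j2 = ii, jj
        while i2 < len(a) and kind(a[i2]):
            i2 += 1
        while j2 < len(b) and kind(b[j2]):
            j2 += 1
        seg_a, seg_b = a[ii:i2], b[jj:j2]
        if not seg_b:              # numeric vs alpha: numeric is newer
            return 1 if isnum else -1
        if isnum:                  # numeric: strip leading zeros, longer wins
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = i2, j2
    if i >= len(a) and j >= len(b):
        return 0
    # Final showdown: a remaining alpha string never beats an empty one,
    # so 1.0rc1 < 1.0 but 1.0 < 1.0.1.
    if (i >= len(a) and not b[j].isalpha()) or (i < len(a) and a[i].isalpha()):
        return -1
    return 1


def _split(version):
    """Split 'epoch:pkgver-pkgrel' into its parts; epoch defaults to '0',
    pkgrel to None when absent."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    pkgver, sep, pkgrel = rest.rpartition("-")
    if not sep:
        pkgver, pkgrel = rest, None
    return epoch, pkgver, pkgrel


def vercmp(a, b):
    """pacman-style comparison: epoch, then pkgver, then pkgrel (the
    release is only compared when both versions carry one)."""
    ea, va, ra = _split(a)
    eb, vb, rb = _split(b)
    ret = _rpmvercmp(ea, eb)
    if ret == 0:
        ret = _rpmvercmp(va, vb)
        if ret == 0 and ra is not None and rb is not None:
            ret = _rpmvercmp(ra, rb)
    return ret


def installed_version(pacman_q_output, package):
    """Return the version of `package` from `pacman -Q` output, or None."""
    for line in pacman_q_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == package:
            return parts[1]
    return None


def is_vulnerable(pacman_q_output, package="crypto++", fixed=FIXED_VERSION):
    """True if `package` is installed at a version older than `fixed`."""
    ver = installed_version(pacman_q_output, package)
    return ver is not None and vercmp(ver, fixed) < 0


if __name__ == "__main__":
    ver = installed_version(SAMPLE_PACMAN_Q, "crypto++")
    state = "VULNERABLE" if is_vulnerable(SAMPLE_PACMAN_Q) else "fixed or not installed"
    print(f"crypto++ {ver}: {state} (fixed in {FIXED_VERSION})")
```

A package that is not installed at all is reported as not vulnerable, which is the right answer for this advisory but not a statement about statically linked copies of the library inside other packages; those have to be rebuilt against the fixed source separately.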

Workaround
=========
None.

Description
==========
Evgeny Sidorov discovered that the private key can be recovered when
Rabin-Williams signatures are used, due to a bad interaction with the
blinding value used to mask private key operations: the random blinding
value did not meet certain Jacobi-symbol requirements, which allows a
remote attacker to obtain the private key via a timing attack.

Impact
=====
A remote attacker is able to take advantage of improper private key
blinding operations to recover private keys via a timing side-channel
attack.

References
=========
https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2141
https://bugs.archlinux.org/task/45498
