Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 734
Alerts This Week
Warning Icon 1 734

Gentoo: 200303-23 Critical Advisory: Mod_ssl Timing Attack

gentoo
Calendar Grey March 25, 2003
Dist Gentoo Esm H88
GENTOO LINUX SECURITY ADVISORY 202303-24: severe flaw discovered in mod_ssl requires urgent patching for all impacted installations.
Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-23
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
- From advisory:
"Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on."
Read the full advisory at openssl
SOLUTION
It is recommended that all Gentoo Linux users who are running net-www/mod_ssl upgrade to mod_ssl-2.8.14 as follows:
emerge sync emerge mod_ssl emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
2.8.14

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : mod_ssl
SUMMARY : timing based attack
DATE : 2003-03-25 10:14 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.8.14 : fixed version>=2.8.14
CVE : CAN-2003-0147

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround