Mageia 7: MGASA-2019-0362 Critical: libcryptopp Timing Attack
mageia
December 6, 2019
The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation
Summary
The updated packages fix a security vulnerability:
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA
signature generation. This allows a local or remote attacker, able to
measure the duration of hundreds to thousands of signing operations,
to compute the private key used. The issue occurs because scalar
multiplication in ecp.cpp (prime field curves, small leakage) and
algebra.cpp (binary field curves, large leakage) is not constant time
and leaks the bit length of the scalar among other information
(CVE-2019-14318).
References
- https://bugs.mageia.org/show_bug.cgi?id=25759
- - https://www.cve.org/CVERecord?id=CVE-2019-14318
Topics Covered
Resolution
SRPMS
- 7/core/libcryptopp-7.0.0-1.1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 06 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0362.html
Type: security
CVE: CVE-2019-14318
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!