[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto
From: |
Leo Famulari |
Subject: |
bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries |
Date: |
Mon, 16 Jul 2018 13:14:30 -0400 |
User-agent: |
Mutt/1.10.0 (2018-05-17) |
On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote:
> Are there any more packages needing attention?
libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
to the bundled copy in Dropbear. I can take a look at this today.
NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a by
Marius. Thanks, Marius!
The advisory mentions similar but not indentical issues in these
packages:
There is a new release of Crypto++ available. I'm not sure if this
addresses whatever issue was mentioned in the original advisory.
mbedTLS's changelog doesn't mention anything related to key extraction
side channels.
I don't see any related commits in Go's crypto/tls Git repo.
signature.asc
Description: PGP signature