[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto
bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Mon, 16 Jul 2018 13:14:30 -0400
On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote:
> Are there any more packages needing attention?
libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
to the bundled copy in Dropbear. I can take a look at this today.
NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a by
Marius. Thanks, Marius!
The advisory mentions similar but not indentical issues in these
There is a new release of Crypto++ available. I'm not sure if this
addresses whatever issue was mentioned in the original advisory.
mbedTLS's changelog doesn't mention anything related to key extraction
I don't see any related commits in Go's crypto/tls Git repo.
Description: PGP signature