Advisories » MGASA-2015-0317

Updated libcryptopp package fixes security vulnerability

Publication date: 21 Aug 2015
Modification date: 21 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-2141

Description

Evgeny Sidorov discovered that libcryptopp did not properly implement
blinding to mask private key operations for the Rabin-Williams digital
signature algorithm. This could allow remote attackers to mount a timing
attack and retrieve the user's private key (CVE-2015-2141).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16426
• https://www.debian.org/security/2015/dsa-3296
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2141

SRPMS

5/core

• libcryptopp-5.6.2-4.1.mga5

4/core

• libcryptopp-5.6.2-2.1.mga4