Advisories ยป MGASA-2015-0317

Updated libcryptopp package fixes security vulnerability

Publication date: 21 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-2141

Description

Evgeny Sidorov discovered that libcryptopp did not properly implement
blinding to mask private key operations for the Rabin-Williams digital
signature algorithm. This could allow remote attackers to mount a timing
attack and retrieve the user's private key (CVE-2015-2141).
                

References

SRPMS

5/core

4/core