CVE-2015-2141
Published: 1 July 2015
The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.
Priority
Status
Package | Release | Status |
---|---|---|
libcrypto++ Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Released
(5.6.1-6+deb8u1build0.14.04.1)
|
|
upstream |
Released
(5.6.1-7)
|
|
utopic |
Released
(5.6.1-6+deb8u1build0.14.10.1)
|
|
vivid |
Released
(5.6.1-6+deb8u1build0.15.04.1)
|
|
wily |
Not vulnerable
(5.6.1-7)
|
|
xenial |
Not vulnerable
(5.6.1-7)
|
|
yakkety |
Not vulnerable
(5.6.1-7)
|
|
zesty |
Not vulnerable
(5.6.1-7)
|
|
Patches: upstream: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff |