CVE-2015-2141
Published: 1 July 2015
The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libcrypto++ Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Released
(5.6.1-6+deb8u1build0.14.04.1)
|
|
| upstream |
Released
(5.6.1-7)
|
|
| utopic |
Released
(5.6.1-6+deb8u1build0.14.10.1)
|
|
| vivid |
Released
(5.6.1-6+deb8u1build0.15.04.1)
|
|
| wily |
Not vulnerable
(5.6.1-7)
|
|
| xenial |
Not vulnerable
(5.6.1-7)
|
|
| yakkety |
Not vulnerable
(5.6.1-7)
|
|
| zesty |
Not vulnerable
(5.6.1-7)
|
|
|
Patches: upstream: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff |
||