Arch Linux Security Advisory ASA-201507-20
==========================================

Severity: Medium
Date    : 2015-07-24
CVE-ID  : CVE-2015-2141
Package : crypto++
Type    : private key recovery
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package crypto++ before version 5.6.2-3 is vulnerable to private key
recovery via a timing side-channel attack.

Resolution
==========

Upgrade to 5.6.2-3.

# pacman -Syu "crypto++>=5.6.2-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

Evgeny Sidorov discovered that it is possible to recover the private key when
using Rabin-Williams signatures due to a bad interaction with the blinding
value used to mask private key operations. The bad interaction had to do with
the random value not meeting certain Jacobi requirements, which allows remote
attackers to obtain private keys via a timing attack.

Impact
======

A remote attacker is able to take advantage of improper private key blinding
operations to recover private keys via a timing side-channel attack.

References
==========

https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2141
https://bugs.archlinux.org/task/45498
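The "Jacobi requirement" in the description is that the blinding value must be a quadratic residue modulo both primes of the Rabin-Williams modulus; otherwise the root computed from the blinded input differs from the principal root after unblinding, and any data-dependent correction of that wrong root is observable. The following added illustration (not crypto++ code) shows this on toy primes and how squaring the random value before use makes the requirement hold; the prime sizes, the value x and the helper names are constructed for the illustration.

```python
from math import gcd
# Toy Rabin-Williams modulus (constructed values, not real key material):
# p = 3 (mod 8), q = 7 (mod 8), as Rabin-Williams requires.
P, Q = 11, 23
N = P * Q

def legendre(a, p):
    """Legendre symbol (a|p) for an odd prime p: 1, -1, or 0."""
    s = pow(a, (p - 1) // 2, p)
    return -1 if s == p - 1 else s

def sqrt_mod_prime(a, p):
    """For p = 3 (mod 4), a^((p+1)/4) is the root of a that is itself a residue."""
    return pow(a, (p + 1) // 4, p)

def crt(rp, rq):
    """Combine residues mod P and mod Q into one residue mod N."""
    return (rp * Q * pow(Q, -1, P) + rq * P * pow(P, -1, Q)) % N

def principal_sqrt(x):
    """Reference (unblinded) root: the one that is a residue modulo both primes."""
    return crt(sqrt_mod_prime(x % P, P), sqrt_mod_prime(x % Q, Q))

def blinded_sqrt(x, r):
    """Blind x with r^2, take the root, divide r back out.
    Mod p the root of x*r^2 is sqrt(x) * r * (r|p), so unblinding leaves
    sqrt(x) * (r|p): a non-residue blinding value flips the root."""
    xb = (x * r * r) % N
    root = crt(sqrt_mod_prime(xb % P, P), sqrt_mod_prime(xb % Q, Q))
    return (root * pow(r, -1, N)) % N

def blinded_sqrt_fixed(x, r):
    """Square r first: r^2 is a residue mod both primes, so (r|p) = (r|q) = 1."""
    return blinded_sqrt(x, (r * r) % N)

def satisfies_jacobi_requirement(r):
    """The blinding value must be a quadratic residue modulo both p and q."""
    return legendre(r % P, P) == 1 and legendre(r % Q, Q) == 1

def count_wrong_roots(sqrt_fn, x):
    """Blinding values coprime to N for which sqrt_fn misses the principal root."""
    want = principal_sqrt(x)
    return sum(1 for r in range(1, N) if gcd(r, N) == 1 and sqrt_fn(x, r) != want)

if __name__ == "__main__":
    x = 4  # a residue modulo both primes, so its principal root is well defined
    print("unblinded root:", principal_sqrt(x))
    print("wrong roots, raw blinding:", count_wrong_roots(blinded_sqrt, x))
    print("wrong roots, squared blinding:", count_wrong_roots(blinded_sqrt_fixed, x))
```

With these toy primes, 165 of the 220 usable blinding values give the wrong root before the fix and none after it; the point generalises to real key sizes because it depends only on the Legendre symbols of the blinding value.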