Bug 7079

Summary: botan security vulnerability (CVE-2015-7827)
Product: [ROSA Desktop] Desktop Bugs
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Contributed Packages
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: alexey.vokhmin, andrey.bondrov, denis.silakov
Version: Fresh
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2016-0208.html
RPM Package: botan
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2016-05-30 03:44:40 MSD
During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was
input dependent. If these differences could be measured by an attacker,
it could be used to mount a Bleichenbacher million-message attack.

ECDSA (and DSA) signature algorithms perform a modular inverse on the
signature nonce k. The modular inverse algorithm used had input dependent
loops, and it is possible a side channel attack could recover sufficient
information about the nonce to eventually recover the ECDSA secret key.
Comment 1 Denis Silakov 2016-08-23 18:29:15 MSD