Описание
Security update for Botan
This update for Botan fixes the following issues:
This security issue was fixed:
- CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation in Botan allowed a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occured because an array is indexed with bits derived from a secret key (bsc#1060433).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP2
libbotan-1_10-0-1.10.9-4.3.1
libbotan-devel-1.10.9-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libbotan-1_10-0-1.10.9-4.3.1
libbotan-devel-1.10.9-4.3.1
Ссылки
- Link for SUSE-SU-2017:2855-1
- E-Mail link for SUSE-SU-2017:2855-1
- SUSE Security Ratings
- SUSE Bug 1060433
- SUSE CVE CVE-2017-14737 page
Описание
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libbotan-1_10-0-1.10.9-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libbotan-devel-1.10.9-4.3.1
Ссылки
- CVE-2017-14737
- SUSE Bug 1060433