Source: botan1.10 Version: 1.10.16-1 Severity: grave Tags: patch upstream security Forwarded: https://github.com/randombit/botan/issues/1222
Hi, the following vulnerability was published for botan1.10. CVE-2017-14737[0]: | A cryptographic cache-based side channel in the RSA implementation in | Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local | attacker to recover information about RSA secret keys, as demonstrated | by CacheD. This occurs because an array is indexed with bits derived | from a secret key. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14737 [1] https://github.com/randombit/botan/issues/1222 Please adjust the affected versions in the BTS as needed. Regards, Salvatore