LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. References: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Created libtomcrypt tracking bugs for this issue: Affects: epel-all [bug 1591906] Affects: fedora-all [bug 1591905]
*** This bug has been marked as a duplicate of bug 1591163 ***
Statement: This flaw was found to be a duplicate of CVE-2018-0495. Please see https://access.redhat.com/security/cve/CVE-2018-0495 for information about affected products and security errata.