Bug 86112
Summary: | New timing attack on OpenSSL applications | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Mark J. Cox <mjc> |
Component: | openssl | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | CC: | mitr |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-04-15 11:32:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mark J. Cox
2003-03-14 09:44:43 UTC
(also note that this issue was entered for OpenSSL under Red Hat Linux 8.0 but applies to all applications linked to OpenSSL under Red Hat Linux 6.2, 7, 7.1, 7.2, 8.0 and the Enterprise Linux family. This is CAN-2003-0147. The OpenSSL team are currently working on a patch that enables RSA blinding by default, therefore only OpenSSL will need to be updated and applications linked to it will not. Was fixed by http://rhn.redhat.com/errata/RHSA-2003-101.html |