Botan through 2.6.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

References:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Created botan tracking bugs for this issue:
Affects: epel-all [bug 1591834]
Affects: fedora-all [bug 1591835]

Created botan2 tracking bugs for this issue:
Affects: fedora-all [bug 1591833]
Isn't that a duplicate of CVE-2018-0495? Also, botan < 2.5 is (according to upstream) not affected; going to close the botan bugs.
(In reply to Thomas Moschny from comment #2)
> Isn't that a duplicate of CVE-2018-0495?

i.e. bug 1591163
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.