PolarSSL's RSA implementation was found to have a bias in the implementation of Montgomery multiplication. It can be used to mount an attack on the RSA key. Here, a third party can send arbitrary handshake messages to the server. If correctly executed, this attack could reveal the entire private RSA key after a large number of attack messages are sent to show the timing differences. There is a known workaround to disable CRT (#define POLARSSL_RSA_NO_CRT) in config.h. The code will be much slower but unaffected by this attack; the best option is to upgrade to either 1.2.9 or 1.3.0.

References:
https://bugs.gentoo.org/show_bug.cgi?id=487170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5915
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
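To show what the POLARSSL_RSA_NO_CRT workaround actually switches off, here is an added example (not PolarSSL code, and not from this bug) that computes the RSA private operation both ways on constructed toy parameters: the CRT path does two half-size exponentiations and recombines them, the non-CRT path does a single full exponentiation. Both must give the same plaintext, which is why disabling CRT only costs speed, not correctness.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed toy RSA key (far too small for real use): n = p*q, e*d = 1 mod lcm(p-1,q-1). */
static const uint64_t P = 61, Q = 53, N = 3233, E = 17, D = 2753;

/* Square-and-multiply modular exponentiation; operands stay below 2^32 so no overflow. */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) r = (r * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return r;
}

/* Modular inverse of a mod m via extended Euclid (used for q^-1 mod p). */
static uint64_t mod_inv(uint64_t a, uint64_t m) {
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)(a % m);
    while (newr) {
        int64_t qq = r / newr, tmp;
        tmp = t - qq * newt; t = newt; newt = tmp;
        tmp = r - qq * newr; r = newr; newr = tmp;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

uint64_t rsa_encrypt(uint64_t m) { return mod_pow(m, E, N); }

/* Non-CRT private operation: one exponentiation with the full-size d mod n.
 * This is the path PolarSSL takes when POLARSSL_RSA_NO_CRT is defined. */
uint64_t rsa_private_no_crt(uint64_t c) { return mod_pow(c, D, N); }

/* CRT private operation: exponentiate mod p and mod q with the reduced
 * exponents dp, dq, then recombine with Garner's formula. About 4x faster
 * for real key sizes, but it is the code path the advisory tells you to disable. */
uint64_t rsa_private_crt(uint64_t c) {
    uint64_t dp = D % (P - 1), dq = D % (Q - 1), qinv = mod_inv(Q, P);
    uint64_t m1 = mod_pow(c % P, dp, P);
    uint64_t m2 = mod_pow(c % Q, dq, Q);
    uint64_t h = (qinv * ((m1 + P - m2) % P)) % P;
    return m2 + h * Q;
}

/* Sanity check: both private paths recover every message in [0, n). */
bool crt_matches_plain(void) {
    for (uint64_t m = 0; m < N; m++) {
        uint64_t c = rsa_encrypt(m);
        if (rsa_private_crt(c) != m || rsa_private_no_crt(c) != m) return false;
    }
    return true;
}
```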
Created polarssl tracking bugs for this issue: Affects: fedora-all [bug 1015947]
Upstream fix: https://github.com/polarssl/polarssl/commit/43f9799ce61c6392a014d0a2ea136b4b3a9ee194
Further improved in 1.2.10 to make it thread-safe: https://github.com/polarssl/polarssl/commit/6b06502c4b19ce40a88faca3528b9f3f0c87a755
All fedora versions already had 1.2.9 in testing when this was filed. It would be nice if your automatic tools were a bit smarter.
polarssl-1.2.10-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
polarssl-1.2.10-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.