Package: openssl Version: 0.9.8e-5 Severity: important Tags: security Hi, CVE-2007-3108[0]: The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Openssl seems to be vulnerable in (oldstable), stable, testing and unstable. I couldn't find any note about a fix for this in the changelogs. If you fix this issue please include the CVE id in the changelog. You can find patches for the 0.9.8 versions on: http://www.securityfocus.com/bid/25163/solution Kind regards Nico [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpm0kPONeVeB.pgp
Description: PGP signature

