Package: openssl
Version: 0.9.8e-5
Severity: important
Tags: security

Hi,
CVE-2007-3108[0]:
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
earlier does not properly perform Montgomery multiplication, which might allow
local users to conduct a side-channel attack and retrieve RSA private keys.

Openssl seems to be vulnerable in (oldstable), stable, testing and unstable.
I couldn't find any note about a fix for this in the changelogs.

If you fix this issue please include the CVE id in the changelog.
You can find patches for the 0.9.8 versions on:
http://www.securityfocus.com/bid/25163/solution

Kind regards
Nico
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpm0kPONeVeB.pgp
Description: PGP signature

Reply via email to