Source: wolfssl Version: 3.9.10+dfsg-1 Severity: grave Tags: upstream security patch fixed-upstream
Hi, the following vulnerability was published for wolfssl. CVE-2017-6076[0]: | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes | it easier to extract RSA key information for a malicious user who has | access to view cache on a machine. >From the release notes: Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-6076 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6076 [1] https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d [2] https://github.com/wolfSSL/wolfssl/pull/674 Regards, Salvatore
