Errata SECURITY FIX: January 5, 2017

by
from OpenBSD Journal on (#28FCE)
Avoid possible side-channel leak of ECDSA private keys when signing.

A source code patch exists which remedies this problem:

for 6.0.

for 5.9

This is related to CVE-2016-7056 "ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)"Additional details can be read here: http://seclists.org/oss-sec/2017/q1/52

Thanks to M:Tier https://stable.mtier.org for raising awareness on this patch.

External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments