Description
A cryptographic cache-based side channel in the RSA implementation in Botan
before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to
recover information about RSA secret keys, as demonstrated by CacheD. This
occurs because an array is indexed with bits derived from a secret key.
Ubuntu-Description
It was discovered that Botan did not properly implement RSA. An attacker
could possibly use this to perform a side-channel attack and recover
information about RSA secret keys.
Package
| Upstream: | released
(1.10.5-1+deb7u4, 1.10.17-0.1)
|
| Ubuntu 18.04 LTS: | not-affected
(1.10.17-0.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 21.10: | DNE
|
| Ubuntu 22.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was needed)
|
Patches:
Updated: 2022-04-25 00:19:31 UTC (commit ecc1009cb19540b950de59270950018900f37f15)