Candidate: CVE-2017-14737
PublicDate: 2017-09-26 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14737
 https://github.com/randombit/botan/issues/1222
 https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
Description:
 A cryptographic cache-based side channel in the RSA implementation in
 Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local
 attacker to recover information about RSA secret keys, as demonstrated by
 CacheD. This occurs because an array is indexed with bits derived from a
 secret key.
Ubuntu-Description:
 It was discovered that Botan did not properly implement RSA. An attacker
 could possibly use this to perform a side-channel attack and recover
 information about RSA secret keys.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_botan1.10:
upstream_botan1.10: released (1.10.5-1+deb7u4, 1.10.17-0.1)
precise/esm_botan1.10: DNE
trusty_botan1.10: ignored (reached end-of-life)
trusty/esm_botan1.10: DNE (trusty was needed)
vivid/ubuntu-core_botan1.10: DNE
xenial_botan1.10: ignored (end of standard support, was needed)
zesty_botan1.10: ignored (reached end-of-life)
artful_botan1.10: ignored (reached end-of-life)
bionic_botan1.10: not-affected (1.10.17-0.1)
cosmic_botan1.10: not-affected (1.10.17-0.1)
disco_botan1.10: DNE
eoan_botan1.10: DNE
focal_botan1.10: DNE
groovy_botan1.10: DNE
hirsute_botan1.10: DNE
impish_botan1.10: DNE
jammy_botan1.10: DNE
devel_botan1.10: DNE