CVE-2015-8618

Priority
Description
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before
1.5.3 mishandles carry propagation and produces incorrect output, which
makes it easier for attackers to obtain private RSA keys via unspecified
vectors.
Notes
mdeslaurPackages built using golang need to be rebuilt once the
vulnerability has been fixed. This CVE entry does not
list packages that need rebuilding outside of the main
repository or the Ubuntu variants with PPA overlays.
TODO: add main packages an packages in the overlays to this CVE
msalvatoreVulnerability introduced in 1.5.x
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2020-09-10 04:56:46 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)