CVE-2018-20187

Priority
Description
A side-channel issue was discovered in Botan before 2.9.0. An attacker
capable of precisely measuring the time taken for ECC key generation may be
able to derive information about the high bits of the secret key, as the
function to derive the public point from the secret scalar uses an
unblinded Montgomery ladder whose loop iteration count depends on the
bitlength of the secret. This issue affects only key generation, not ECDSA
signatures or ECDH key agreement.
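The leak described above, as an added illustration that is not Botan's code or its patch: a Montgomery ladder whose loop runs once per bit of the secret, beside one that always runs a fixed number of iterations. It assumes a toy stand-in group (multiplication modulo the prime 2^31 - 1 instead of elliptic-curve point arithmetic), and all names in it are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Assumption: toy group, integers mod the prime 2^31 - 1 under multiplication.
// g^k here plays the role of the public point k*G derived from secret scalar k.
static const uint64_t P = 2147483647ULL;
static const unsigned ORDER_BITS = 31;  // fixed, public bit length of the group order

struct LadderResult { uint64_t value; unsigned iterations; };

static unsigned bit_length(uint64_t k) {
    unsigned n = 0;
    while (k) { ++n; k >>= 1; }
    return n;
}

// Montgomery ladder over the low `bits` bit positions of k, processed top down.
// Invariant: r1 == r0 * g. Leading zero bits keep (r0, r1) == (1, g), so extra
// iterations do not change the result. This demo branches on the bit; it only
// illustrates the iteration count, not constant-time bit handling.
static LadderResult ladder(uint64_t g, uint64_t k, unsigned bits) {
    uint64_t r0 = 1, r1 = g % P;
    unsigned iters = 0;
    for (unsigned i = bits; i-- > 0; ++iters) {
        if ((k >> i) & 1) { r0 = r0 * r1 % P; r1 = r1 * r1 % P; }
        else              { r1 = r0 * r1 % P; r0 = r0 * r0 % P; }
    }
    return {r0, iters};
}

// Leaky variant: work done is proportional to the bit length of the secret,
// so run time reveals how many high bits of k are zero.
LadderResult ladder_variable(uint64_t g, uint64_t k) { return ladder(g, k, bit_length(k)); }

// Fixed-length variant: always ORDER_BITS iterations, independent of k.
LadderResult ladder_fixed(uint64_t g, uint64_t k) { return ladder(g, k, ORDER_BITS); }

int main() {
    const uint64_t secrets[] = {5, 0x12345, 0x40000000};  // constructed sample scalars
    for (uint64_t k : secrets) {
        LadderResult v = ladder_variable(7, k), f = ladder_fixed(7, k);
        std::printf("k=%#llx variable=%u fixed=%u same_result=%d\n",
                    (unsigned long long)k, v.iterations, f.iterations, v.value == f.value);
    }
    return 0;
}
```

Scalar blinding, the other property the description names as missing, is not shown here.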
Package
Source: botan (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.04 (Disco Dingo): not-affected (2.9.0-2)
Ubuntu 19.10 (Eoan): not-affected (2.9.0-2)
Package
Upstream: not-affected (debian: Vulnerable code introduced in 1.11.20)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Updated: 2019-09-19 14:47:01 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)