GNU bug report logs

#31831 CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #14 received at 31831@debbugs.gnu.org (full text, mbox, reply):

Received: (at 31831) by debbugs.gnu.org; 14 Jun 2018 20:06:12 +0000
From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 14 16:06:12 2018
Received: from localhost ([127.0.0.1]:48492 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fTYVY-0002aZ-0e
	for submit@debbugs.gnu.org; Thu, 14 Jun 2018 16:06:12 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:52995)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fTYVW-0002aS-IY
 for 31831@debbugs.gnu.org; Thu, 14 Jun 2018 16:06:11 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 3EFB021A29;
 Thu, 14 Jun 2018 16:06:10 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Thu, 14 Jun 2018 16:06:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 mesmtp; bh=dUJhKpNqm2KW5niqYlsQOLpcuHstaPF8WqrfMgzC1l4=; b=sEPwo
 eM1dQMQP7aOapYBBXUabW1SrgCdfXGoEnadp+cL/Am+hLIaG8w6Y6qHnpF5PHaIa
 IE8o6emi4iZ0JvWQnio5Nk0VD86jvNwkGMVS5yhUaQEr+dmqGUZfrUCippKaXb5B
 6PZhuS/vEw9UwNcstbOjq/CIiBqcOBolql2RZg=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm3; bh=dUJhKpNqm2KW5niqYlsQOLpcuHsta
 PF8WqrfMgzC1l4=; b=T/KMyAA1EbDlE8urKIT3ImOpKYt2E0RT6FfONs8iXOVVJ
 RdBTPstODErSIll+uUiEmWRCEHQDYUcBtPUDl9W2H7/6lC35qiuChCKWkyd1zVR5
 u6p7kGrCxYO2wMTjvKsxyZKSXGSQW590PeYva1amIgCJGiuDbnQSdL/LcuGGCjPK
 oyNv854bkALTchUzo5PkHJbSFq8y/hjVSnGKtFLLQA2ppIRQhv7ydYyUTd7Vs5y/
 0Hy9h+x37TdHnNybBCWxz24y8XYNCY1lvNd6q0CCtGwFF0094ftC9OCxgKhfYNHx
 +DGJTDcj/T1mGTqOxqx1i+pCG9uLWtjNukerS8/Gw==
X-ME-Proxy: <xmx:ssoiW7cuqonmFx6HGlD-JLl2tb9qios0DOFFcCgNiOFPDS0sUdPtGg>
 <xmx:ssoiW42efUAk7Syhx_DPEMRx-MSfQN8pfuCIvAzizlBgaJrLtQBx_Q>
 <xmx:ssoiW74-RhLo0F2_vgL2kYaCO58X5SRI8CyJlW87b_jvmtZcc5NHNA>
 <xmx:ssoiW3dYlg8yCg_-Wg4nfXWYFzAyaGO9zy8CU6zD4LVlvZ2lWwjNqQ>
 <xmx:ssoiW_MpNmaOib2cSprGMbQ68Y-GiCnO8RZ_5kjJuqoEgcskaAvyhw>
 <xmx:ssoiW4c8kKb1oE256kj6k9fJeBcHn33gTOLQg9ZUlcLruAg0x0NoQg>
X-ME-Sender: <xms:ssoiW9a9VABFWn7eGK3iBSnSsjrqTWUqEHtZY7meaIzBarBrbXc0rw>
Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net
 [76.124.202.137])
 by mail.messagingengine.com (Postfix) with ESMTPA id E338510266;
 Thu, 14 Jun 2018 16:06:09 -0400 (EDT)
Date: Thu, 14 Jun 2018 16:06:08 -0400
From: Leo Famulari <leo@famulari.name>
To: Gábor Boskovits <boskovits@gmail.com>
Subject: Re: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple
 Crypto Libraries
Message-ID: <20180614200608.GA8617@jasmine.lan>
References: <20180614192211.GA21522@jasmine.lan>
 <20180614195049.GB4039@jasmine.lan>
 <CAE4v=pjPFsmHKG8S72fqk2DJ9iw1GVNa+0eVUwOmVqxiUWi3bg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp"
Content-Disposition: inline
In-Reply-To: <CAE4v=pjPFsmHKG8S72fqk2DJ9iw1GVNa+0eVUwOmVqxiUWi3bg@mail.gmail.com>
User-Agent: Mutt/1.10.0 (2018-05-17)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 31831
Cc: 31831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

[Message part 1 (text/plain, inline)]
> 2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:
> > I'll try OpenSSL next.

They committed a fix but haven't released an update yet:

https://github.com/openssl/openssl/commit/a3e9d5aa980f238805970f420adf5e903d35bf09

There is also an unrelated security advisory for a DoS bug from 2 days
ago:

https://www.openssl.org/news/secadv/20180612.txt

I'll try grafting these patches.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sat Dec 21 18:36:43 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.