Re: Security update of nettle
Ola Lundqvist <ola@inguza.com> writes:
> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489
Please note that some coordinatoino with gnutls may be needed, to avoid
a denial-of-service problem involving invalid private keys.
> I suggest something like this:
> "Protect against potential timing attacks against exponentiation operations
> as described in CVE-2016-6489 RSA code is vulnerable to cache sharing
> related attacks."
I'd suggest the more general "side-channel attacks" over "timing
attacks".
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Reply to: