author Jack Lloyd <[email protected]> 2017-09-28 11:00:32 -0400
committer Jack Lloyd <[email protected]> 2017-09-28 11:00:32 -0400
commit eadb113289dffbf294f6d499193713b120f79f64
tree 03bd62e273f18d645e1d54d628ebd0551c7ed83c
parent 95df7f155570949837e8e28e733f3d59408092da
Update news
-rw-r--r-- doc/authors.txt (renamed from authors.txt) 8
-rw-r--r-- doc/security.rst 11
-rw-r--r-- news.rst 5
3 files changed, 16 insertions, 8 deletions
diff --git a/authors.txt b/doc/authors.txt
index ee6a10e9d..2703facbd 100644
--- a/authors.txt
+++ b/doc/authors.txt
@@ -1,18 +1,10 @@
-The original author and current release manager is
-
Jack Lloyd
-
-With extensive and ongoing contributions by several individuals
-
Daniel Neus (Rohde & Schwarz Cybersecurity)
Falko Strenzke (cryptosource GmbH)
Juraj Somorovsky (Hackmanit GmbH)
Matthias Gierlings (Hackmanit GmbH)
René Korthaus (Rohde & Schwarz Cybersecurity)
Simon Warta (Kullo GmbH)
-
-And with many other contributors including
-
Peter J Jones
Justin Karneges
Vaclav Ovsik
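Review bot: Removing the three heading lines at the top of doc/authors.txt ("The original author and current release manager is", "With extensive and ongoing contributions by several individuals", "And with many other contributors including") leaves a flat list of names with nothing stating what the list is or who the release manager is. If the grouping is being dropped on purpose, a single heading line at the top of the file would still tell readers what they are looking at. The commit message "Update news" also does not mention the rename from authors.txt to doc/authors.txt, so the move will be hard to find in history; consider splitting it out or mentioning it.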
diff --git a/doc/security.rst b/doc/security.rst
index 4b755da8d..a36173bc2 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,6 +18,17 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
2017
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* 2017-10-02 (CVE-2017-14737): Potential side channel using cache information
+
+ In the Montgomery exponentiation code, a table of precomputed values
+ is used. An attacker able to analyze which cache lines were accessed
+ (perhaps via an active attack such as Prime+Probe) could recover
+ information about the exponent. Identified in "CacheD: Identifying
+ Cache-Based Timing Channels in Production Software" by Wang, Wang,
+ Liu, Zhang, and Wu (Usenix Security 2017).
+
+ Fixed in 1.10.17 and 2.3.0, all prior versions affected.
+
* 2017-07-16: Failure to fully zeroize memory before free
The secure_allocator type attempts to zeroize memory before freeing it. Due to
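Review bot: The new entry is dated 2017-10-02, which is later than this commit's date (2017-09-28), and "Fixed in 1.10.17 and 2.3.0" reads as if both versions are already released while news.rst in the same commit still labels 2.3.0 "Not Yet Released"; confirm the date and version statement match the actual release before this is published. The entry explains the leak (cache-line access pattern on the precomputed table in Montgomery exponentiation) but not what the fix changes, and it does not name the affected operations the way the news.rst text does (RSA, DH). One sentence on each would let users judge their exposure from this page alone.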
diff --git a/news.rst b/news.rst
index 27aa946bd..f0e8d6991 100644
--- a/news.rst
+++ b/news.rst
@@ -4,6 +4,11 @@ Release Notes
Version 2.3.0, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* Address a side channel affecting modular exponentiation. An attacker
+ capabable of a local or cross-VM cache analysis attack may be able
+ to recover bits of secret exponents as used in RSA, DH, etc.
+ CVE-2017-14737
+
* Add the SHACAL2 block cipher, including optimizations using SIMD and SHA-NI
instructions. (GH #1151)
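Review bot: Typo in the second added line: "capabable" should be "capable". The bare "CVE-2017-14737" on the last added line would be clearer in parentheses, matching the "(CVE-2017-14737)" form used in doc/security.rst and the "(GH #1151)" style of the following entry.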