author: Jack Lloyd <[email protected]> 2017-09-28 11:00:32 -0400
committer: Jack Lloyd <[email protected]> 2017-09-28 11:00:32 -0400
commit: eadb113289dffbf294f6d499193713b120f79f64
tree: 03bd62e273f18d645e1d54d628ebd0551c7ed83c /doc/security.rst
parent: 95df7f155570949837e8e28e733f3d59408092da
Update news
Diffstat (limited to 'doc/security.rst')
-rw-r--r-- doc/security.rst | 11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst
index 4b755da8d..a36173bc2 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -18,6 +18,17 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
2017
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* 2017-10-02 (CVE-2017-14737): Potential side channel using cache information
+
+ In the Montgomery exponentiation code, a table of precomputed values
+ is used. An attacker able to analyze which cache lines were accessed
+ (perhaps via an active attack such as Prime+Probe) could recover
+ information about the exponent. Identified in "CacheD: Identifying
+ Cache-Based Timing Channels in Production Software" by Wang, Wang,
+ Liu, Zhang, and Wu (Usenix Security 2017).
+
+ Fixed in 1.10.17 and 2.3.0, all prior versions affected.
+
* 2017-07-16: Failure to fully zeroize memory before free
The secure_allocator type attempts to zeroize memory before freeing it. Due to
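Review bot: the CVE-2017-14737 entry names the leak ("could recover information about the exponent") but says neither which operations go through the Montgomery exponentiation code nor what the fix changed in how the table of precomputed values is accessed, so a reader cannot judge their exposure or confirm the mitigation; one sentence for each would close that gap. The entry is dated 2017-10-02 while the commit is dated 2017-09-28; if that is the planned release date for 1.10.17 and 2.3.0, it should be rechecked when the releases are actually made. Minor: "Fixed in 1.10.17 and 2.3.0, all prior versions affected." reads better as two sentences.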