LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Fix in 2.6.5, 2.7.4. Gentoo Security Scout Florian Schuhmacher
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=171f5dd87c70e26ed8577073158b0104ca9f20bc commit 171f5dd87c70e26ed8577073158b0104ca9f20bc Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-06-16 01:35:51 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-06-16 01:35:51 +0000 dev-libs/libressl: security bump Bug: https://bugs.gentoo.org/658158 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-libs/libressl/Manifest | 2 ++ dev-libs/libressl/libressl-2.6.5.ebuild | 55 +++++++++++++++++++++++++++++++++ dev-libs/libressl/libressl-2.7.4.ebuild | 53 +++++++++++++++++++++++++++++++ 3 files changed, 110 insertions(+)
@arches, please stabilize
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c5890c7dc134821525804555c0ae32f2bda48e8 commit 9c5890c7dc134821525804555c0ae32f2bda48e8 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-06-16 19:23:07 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-16 19:26:28 +0000 dev-libs/libressl: stable 2.6.5 for sparc Bug: https://bugs.gentoo.org/658158 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-libs/libressl/libressl-2.6.5.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a68457d8fc08342411862975fee6f6a66533a8f8 commit a68457d8fc08342411862975fee6f6a66533a8f8 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-06-17 01:13:24 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-06-17 01:13:24 +0000 dev-libs/libressl: amd64 stable Bug: https://bugs.gentoo.org/658158 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-libs/libressl/libressl-2.6.5.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
arm stable
s390 stable
ppc/ppc64 stable. all arches stable