Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the victim might be able to have precise enough timing information to exploit the side channel as well. Update the Changelog to reflect this. Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
parent
393df9c995
commit
0d57f1034e
1 changed files with 7 additions and 5 deletions
|
@ -1,6 +1,8 @@
|
|||
Security
|
||||
* Fix a timing side channel in RSA private operations. This side channel
|
||||
could be sufficient for a local attacker to recover the plaintext. It
|
||||
requires the attacker to send a large number of messages for decryption.
|
||||
For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario.
|
||||
Reported by Hubert Kario, Red Hat.
|
||||
* Fix a timing side channel in private key RSA operations. This side channel
|
||||
could be sufficient for an attacker to recover the plaintext. A local
|
||||
attacker or a remote attacker who is close to the victim on the network
|
||||
might have precise enough timing measurements to exploit this. It requires
|
||||
the attacker to send a large number of messages for decryption. For
|
||||
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
|
||||
by Hubert Kario, Red Hat.
|
||||
|
|
Loading…
Reference in a new issue