Debian has issued an advisory on June 29: https://www.debian.org/security/2015/dsa-3296 I missed this earlier because their package name is libcrypto++. Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron. This library is used by amule, kodi, and synergy. Advisory: ======================== Updated libcryptopp packages fix security vulnerability: Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key (CVE-2015-2141). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2141 https://www.debian.org/security/2015/dsa-3296 ======================== Updated packages in core/updates_testing: ======================== libcryptopp6-5.6.2-2.1.mga4 libcryptopp-devel-5.6.2-2.1.mga4 libcryptopp-progs-5.6.2-2.1.mga4 libcryptopp6-5.6.2-4.1.mga5 libcryptopp-devel-5.6.2-4.1.mga5 libcryptopp-progs-5.6.2-4.1.mga5 from SRPMS: libcryptopp-5.6.2-2.1.mga4.src.rpm libcryptopp-5.6.2-4.1.mga5.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO
CC: (none) => davidwhodginsWhiteboard: MGA4TOO => MGA4TOO advisory
MGA4-32 on Acer D620 Xfce. No installation issues. urpmq --whatrequires libcryptopp6 shows amongst others synergy. set up this PC as synergy client and connected to a server on the LAN at CLI > strace -o syn synergy could move the mouse from the server into the screen of the client PC and $ grep libcrypt syn open("/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
CC: (none) => herman.viaeneWhiteboard: MGA4TOO advisory => MGA4TOO advisory MGA4-32-OK
Well done Herman!
MGA5-64 on HP Probook 6555b KDE No installation issues. Repeated same test as per Comment 1 above: works OK.
Whiteboard: MGA4TOO advisory MGA4-32-OK => MGA4TOO has_procedure advisory MGA4-32-OK MGA5-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0317.html
Status: NEW => RESOLVEDResolution: (none) => FIXED