Re: CVE request for math/big.Exp

[Florian Weimer <fweimer () redhat com>]

On 12/21/2015 05:07 PM, Jason Buberel wrote:
> OSS-Security,
>
> The Go open source project has received notification of an error in the
> math/big library (https://golang.org/pkg/math/big/). The problem that was
> identified is similar to CVE-2015-3193
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193>. The
> vulnerability was introduced in the 1.5 release, and remains present in Go
> 1.5.1 and 1.5.2.
>
> A fix for the issue has been applied to the master branch of the Go repo
> under CL 17672 <https://go-review.googlesource.com/#/c/17672/>. We will
> also be releasing Go 1.5.3 to fix this vulnerability.
>
> We are requesting a CVE ID in order to coordinate updates with
> distributions that include binary packages for the Go programming language.
> We will also announce and request that all Go programs using the math/big
> package that were compiled with version 1.5, 1.5.1, or 1.5.2 be recompiled
> with  1.5.3 (when released) due to the static linking nature of the Go
> toolchain.

Considering that until recently, Go did not protect against RSA-CRT key
leaks, doesn't that mean that all certificates whose private key was
touched by Go code should be re-issued?

RSA-CRT hardening was added in this commit:

https://github.com/golang/go/commit/40ac3690efe420ff7665c6fe1eec0933c41d1413

To protect against future key leaks due to similar issues in the
implementation integer arithmetic, I strongly recommend backporting this
hardening feature.

Florian