Syncthing Community Forum

Is syncthing affected by [security] Go 1.5.3 / CVE-2015-8618?

calmh (Jakob Borg) January 13, 2016, 9:57pm 2

Yes:

Security update - Syncthing v0.12.14 General

Continuing the discussion from Upcoming security release of Go: I’ve just pushed and built Syncthing v0.12.14. This build is built with Go 1.5.3, except for the Windows which is built using Go 1.6beta2. Go 1.5.3 / 1.6beta2 fixes the security issue described here, but the relevant part is: Specifically, incorrect results in one part of the RSA Chinese Remainder computation can cause the result to be incorrect in such a way that it leaks one of the primes. While RSA blinding should prevent an a…

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled