| Security | |
| * Fix a timing side channel in private key RSA operations. This side channel | |
| could be sufficient for an attacker to recover the plaintext. A local | |
| attacker or a remote attacker who is close to the victim on the network | |
| might have precise enough timing measurements to exploit this. It requires | |
| the attacker to send a large number of messages for decryption. For | |
| details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported | |
| by Hubert Kario, Red Hat. |