Andrew S., where did you find that info about "RSA blinding"? Oh, it
was
here, from April,
and the original
17 March advisory.
It would be nice to know how serious a security vulnerabilty this
really is. From the discussion in
Vulnerability Note VU#997481,
I suspect it is pretty low risk for most web servers on the Internet.
Various
googles
show a lot of info from back in March.
[grumble grumble] My fairly un-informed take on this is that some of
these rushed in security patches are not all that well thought out.
Breaking thread-safety by default in a security patch to a
formerly thread-safe library strikes me as really obnoxious.
