Описание
Security update for libcryptopp
This update for libcryptopp fixes the following issues:
- CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
libcryptopp-devel-5.6.5-1.6.1
libcryptopp5_6_5-5.6.5-1.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libcryptopp-devel-5.6.5-1.6.1
libcryptopp5_6_5-5.6.5-1.6.1
Ссылки
- Link for SUSE-SU-2021:3301-1
- E-Mail link for SUSE-SU-2021:3301-1
- SUSE Security Ratings
- SUSE Bug 1015243
- SUSE CVE CVE-2016-9939 page
Описание
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp-devel-5.6.5-1.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp5_6_5-5.6.5-1.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp-devel-5.6.5-1.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp5_6_5-5.6.5-1.6.1
Ссылки
- CVE-2016-9939
- SUSE Bug 1015243