Описание
Security update for libcryptopp
This update for libcryptopp fixes the following issues:
- CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP5
libcryptopp-devel-8.6.0-150400.3.3.1
libcryptopp8_6_0-8.6.0-150400.3.3.1
SUSE Linux Enterprise Real Time 15 SP4
libcryptopp-devel-8.6.0-150400.3.3.1
libcryptopp8_6_0-8.6.0-150400.3.3.1
openSUSE Leap 15.4
libcryptopp-devel-8.6.0-150400.3.3.1
libcryptopp8_6_0-8.6.0-150400.3.3.1
libcryptopp8_6_0-32bit-8.6.0-150400.3.3.1
openSUSE Leap 15.5
libcryptopp-devel-8.6.0-150400.3.3.1
libcryptopp8_6_0-8.6.0-150400.3.3.1
libcryptopp8_6_0-32bit-8.6.0-150400.3.3.1
Ссылки
- Link for SUSE-SU-2024:0030-1
- E-Mail link for SUSE-SU-2024:0030-1
- SUSE Security Ratings
- SUSE Bug 1218219
- SUSE CVE CVE-2023-50980 page
Описание
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp-devel-8.6.0-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp8_6_0-8.6.0-150400.3.3.1
SUSE Linux Enterprise Real Time 15 SP4:libcryptopp-devel-8.6.0-150400.3.3.1
SUSE Linux Enterprise Real Time 15 SP4:libcryptopp8_6_0-8.6.0-150400.3.3.1
Ссылки
- CVE-2023-50980
- SUSE Bug 1218219