Описание
Security update for libcryptopp
This update for libcryptopp fixes the following issues:
- CVE-2023-50981: Fixed a potential denial of service issue via crafted DER public key data (bsc#1218222).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP5
libcryptopp-devel-8.6.0-150400.3.6.1
libcryptopp8_6_0-8.6.0-150400.3.6.1
SUSE Linux Enterprise Real Time 15 SP4
libcryptopp-devel-8.6.0-150400.3.6.1
libcryptopp8_6_0-8.6.0-150400.3.6.1
openSUSE Leap 15.5
libcryptopp-devel-8.6.0-150400.3.6.1
libcryptopp8_6_0-8.6.0-150400.3.6.1
libcryptopp8_6_0-32bit-8.6.0-150400.3.6.1
Ссылки
- Link for SUSE-SU-2024:0157-1
- E-Mail link for SUSE-SU-2024:0157-1
- SUSE Security Ratings
- SUSE Bug 1218222
- SUSE CVE CVE-2023-50981 page
Описание
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp-devel-8.6.0-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp8_6_0-8.6.0-150400.3.6.1
SUSE Linux Enterprise Real Time 15 SP4:libcryptopp-devel-8.6.0-150400.3.6.1
SUSE Linux Enterprise Real Time 15 SP4:libcryptopp8_6_0-8.6.0-150400.3.6.1
Ссылки
- CVE-2023-50981
- SUSE Bug 1218222