Описание
Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues:
- CVE-2024-2467: Side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) (bsc#1221446)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
openSUSE Leap 15.6
perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
Ссылки
- Link for SUSE-SU-2025:01884-1
- E-Mail link for SUSE-SU-2025:01884-1
- SUSE Security Ratings
- SUSE Bug 1221446
- SUSE CVE CVE-2024-2467 page
Описание
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
openSUSE Leap 15.6:perl-Crypt-OpenSSL-RSA-0.28-150600.19.3.1
Ссылки
- CVE-2024-2467
- SUSE Bug 1221446