Описание
Security update for libcryptopp
This update for libcryptopp fixes the following issues:
- CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection (bsc#bsc#1224280).
Список пакетов
SUSE Enterprise Storage 7.1
libcryptopp-devel-5.6.5-150000.1.15.1
libcryptopp5_6_5-5.6.5-150000.1.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libcryptopp-devel-5.6.5-150000.1.15.1
libcryptopp5_6_5-5.6.5-150000.1.15.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libcryptopp-devel-5.6.5-150000.1.15.1
libcryptopp5_6_5-5.6.5-150000.1.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libcryptopp-devel-5.6.5-150000.1.15.1
libcryptopp5_6_5-5.6.5-150000.1.15.1
Ссылки
- Link for SUSE-SU-2025:01939-1
- E-Mail link for SUSE-SU-2025:01939-1
- SUSE Security Ratings
- SUSE Bug 1224280
- SUSE CVE CVE-2024-28285 page
Описание
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.
Затронутые продукты
SUSE Enterprise Storage 7.1:libcryptopp-devel-5.6.5-150000.1.15.1
SUSE Enterprise Storage 7.1:libcryptopp5_6_5-5.6.5-150000.1.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libcryptopp-devel-5.6.5-150000.1.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libcryptopp5_6_5-5.6.5-150000.1.15.1
Ссылки
- CVE-2024-28285
- SUSE Bug 1224280