Описание
Security update for ed25519-java
This update for ed25519-java fixes the following issues:
- CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability (bsc#1239551)
Список пакетов
SUSE Enterprise Storage 7.1
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP5-LTSS
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
ed25519-java-0.3.0-150200.5.9.1
openSUSE Leap 15.6
ed25519-java-0.3.0-150200.5.9.1
ed25519-java-javadoc-0.3.0-150200.5.9.1
Ссылки
- Link for SUSE-SU-2025:1029-1
- E-Mail link for SUSE-SU-2025:1029-1
- SUSE Security Ratings
- SUSE Bug 1239551
- SUSE CVE CVE-2020-36843 page
Описание
The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.
Затронутые продукты
SUSE Enterprise Storage 7.1:ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:ed25519-java-0.3.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:ed25519-java-0.3.0-150200.5.9.1
Ссылки
- CVE-2020-36843
- SUSE Bug 1239551