openSUSE-SU-2021:0906-1

Опубликовано: 24 июн. 2021

Источник: suse-cvrf

Описание

Security update for libnettle

This update for libnettle fixes the following issues:

CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

libhogweed4-3.4.1-lp152.4.6.1

libhogweed4-32bit-3.4.1-lp152.4.6.1

libnettle-devel-3.4.1-lp152.4.6.1

libnettle-devel-32bit-3.4.1-lp152.4.6.1

libnettle6-3.4.1-lp152.4.6.1

libnettle6-32bit-3.4.1-lp152.4.6.1

nettle-3.4.1-lp152.4.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D4XGPKTRWLOEATNJNZGQZCO6BZTKIKJ6/
E-Mail link for openSUSE-SU-2021:0906-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1187060
SUSE Bug 1187060
https://www.suse.com/security/cve/CVE-2021-3580/
SUSE CVE CVE-2021-3580 page

Описание

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Затронутые продукты

openSUSE Leap 15.2:libhogweed4-3.4.1-lp152.4.6.1

openSUSE Leap 15.2:libhogweed4-32bit-3.4.1-lp152.4.6.1

openSUSE Leap 15.2:libnettle-devel-3.4.1-lp152.4.6.1

openSUSE Leap 15.2:libnettle-devel-32bit-3.4.1-lp152.4.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3580.html
CVE-2021-3580
https://bugzilla.suse.com/1187060
SUSE Bug 1187060
https://bugzilla.suse.com/1187892
SUSE Bug 1187892

openSUSE-SU-2021:0906-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-3580

Описание

Затронутые продукты

Ссылки