Описание
Security update for mbedtls
This update for mbedtls fixes the following issues:
-
CVE-2021-24119: Fixed side-channel vulnerability in base64 PEM [boo#1189589]
Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code.
Список пакетов
SUSE Package Hub 15 SP3
libmbedcrypto3-2.16.9-bp153.2.5.1
libmbedcrypto3-32bit-2.16.9-bp153.2.5.1
libmbedcrypto3-64bit-2.16.9-bp153.2.5.1
libmbedtls12-2.16.9-bp153.2.5.1
libmbedtls12-32bit-2.16.9-bp153.2.5.1
libmbedtls12-64bit-2.16.9-bp153.2.5.1
libmbedx509-0-2.16.9-bp153.2.5.1
libmbedx509-0-32bit-2.16.9-bp153.2.5.1
libmbedx509-0-64bit-2.16.9-bp153.2.5.1
mbedtls-devel-2.16.9-bp153.2.5.1
openSUSE Leap 15.3
libmbedcrypto3-2.16.9-bp153.2.5.1
libmbedcrypto3-32bit-2.16.9-bp153.2.5.1
libmbedcrypto3-64bit-2.16.9-bp153.2.5.1
libmbedtls12-2.16.9-bp153.2.5.1
libmbedtls12-32bit-2.16.9-bp153.2.5.1
libmbedtls12-64bit-2.16.9-bp153.2.5.1
libmbedx509-0-2.16.9-bp153.2.5.1
libmbedx509-0-32bit-2.16.9-bp153.2.5.1
libmbedx509-0-64bit-2.16.9-bp153.2.5.1
mbedtls-devel-2.16.9-bp153.2.5.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1389-1
- SUSE Security Ratings
- SUSE Bug 1189589
- SUSE CVE CVE-2021-24119 page
Описание
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Затронутые продукты
SUSE Package Hub 15 SP3:libmbedcrypto3-2.16.9-bp153.2.5.1
SUSE Package Hub 15 SP3:libmbedcrypto3-32bit-2.16.9-bp153.2.5.1
SUSE Package Hub 15 SP3:libmbedcrypto3-64bit-2.16.9-bp153.2.5.1
SUSE Package Hub 15 SP3:libmbedtls12-2.16.9-bp153.2.5.1
Ссылки
- CVE-2021-24119
- SUSE Bug 1189589