openSUSE-SU-2021:3301-1

Опубликовано: 06 окт. 2021

Источник: suse-cvrf

Описание

Security update for libcryptopp

This update for libcryptopp fixes the following issues:

CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243).

Список пакетов

openSUSE Leap 15.3

libcryptopp-devel-5.6.5-1.6.1

libcryptopp5_6_5-5.6.5-1.6.1

libcryptopp5_6_5-32bit-5.6.5-1.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OT7AMKZYZG3NMSSJK4GVQCGFPLIGSKD5/
E-Mail link for openSUSE-SU-2021:3301-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1015243
SUSE Bug 1015243
https://www.suse.com/security/cve/CVE-2016-9939/
SUSE CVE CVE-2016-9939 page

Описание

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.

Затронутые продукты

openSUSE Leap 15.3:libcryptopp-devel-5.6.5-1.6.1

openSUSE Leap 15.3:libcryptopp5_6_5-32bit-5.6.5-1.6.1

openSUSE Leap 15.3:libcryptopp5_6_5-5.6.5-1.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9939.html
CVE-2016-9939
https://bugzilla.suse.com/1015243
SUSE Bug 1015243

openSUSE-SU-2021:3301-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2016-9939

Описание

Затронутые продукты

Ссылки