Advisories » MGASA-2016-0369

Updated libtomcrypt packages fix security vulnerability

Publication date: 06 Nov 2016
Modification date: 06 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6129

Description

It was discovered that the implementation of RSA signature verification
in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If
an RSA key with exponent 3 is used it may be possible to forge a PKCS#1
v1.5 signature signed by that key (CVE-2016-6129).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19305
• http://lwn.net/Alerts/699791/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6129

SRPMS

5/core

• libtomcrypt-1.17-7.1.mga5