Mageia Advisory: MGASA-2018-0339 - Updated libtomcrypt packages fix security vulnerability

Updated libtomcrypt packages fix security vulnerability

Publication date: 15 Aug 2018
Modification date: 15 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0739 , CVE-2018-12437

Description

libtomcrypt has been updated to secure it against two security
vulnerabilities.

A problem in the ASN.1 parser could cause a stack overflow and a resulting
denial of service when parsing deeply recursive ASN.1 types (CVE-2018-0739).

An attacker capable of triggering signatures and mounting a side channel
attack against a victim can extract an ECDSA key in a practical amount
of time (CVE-2018-12437).

References

https://bugs.mageia.org/show_bug.cgi?id=23335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12437

SRPMS

6/core

libtomcrypt-1.17-11.1.mga6

Advisories » MGASA-2018-0339

Updated libtomcrypt packages fix security vulnerability

Description

References

SRPMS

6/core