4 matches found
[SECURITY] [DLA 3249-1] mbedtls security update
Debian LTS Advisory DLA-3249-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 26, 2022 https://wiki.debian.org/LTS Package : mbedtls Version : 2.16.9-0deb10u1 CVE ID : CVE-2019-16910 CVE-2019-18222 CVE-2020-10932 CVE-2020-10941 CVE-2020-16150...
Fedora 29 : mbedtls (2019-89891f3e4a)
Update to 2.16.3 - Side channel attack on deterministic ECDSA CVE-2019-16910 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.3-and-2.7.12-r eleased Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security -advisory-2019-10 Note that Tenable...
Fedora 30 : mbedtls (2019-07940971b2)
Update to 2.16.3 - Side channel attack on deterministic ECDSA CVE-2019-16910 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.3-and-2.7.12-r eleased Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security -advisory-2019-10 Note that Tenable...
CVE-2019-16910
Arm Mbed TLS prior to 2.19.0 and Arm Mbed Crypto prior to 2.0.0 are affected by CVE-2019-16910. When deterministic ECDSA is enabled, the RNG blinding uses insufficient entropy, enabling a side-channel based attack that could recover a private key if the same message is signed repeatedly. The issu...