2 matches found
AZL-34764 CVE-2023-45287 affecting package golang for versions less than 1.20.0-1
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
SUSE-SU-2023:2813-1 Security update for skopeo
This update of skopeo fixes the following issues: - rebuild the package with the go 1.20 security release bsc1206346...