openSUSE: Security Advisory for libcryptopp (openSUSE-SU-2019:1968-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2019:1968-1 Security update for libcryptopp

This update for libcryptopp fixes the following issues: - CVE-2019-14318: Fixed a timing side channel vulnerability in the ECDSA signature generation boo1143532...

Security update for libcryptopp (moderate)

openSUSE Security Update: Security update for libcryptopp Announcement ID: openSUSE-SU-2019:1968-1 Rating: moderate References: 1143532 Cross-References: CVE-2019-14318 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that...

MGASA-2017-0175 Updated libcryptopp packages fix security vulnerability

Crypto++'s Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data CVE-2017-9434...

Updated libcryptopp packages fix security vulnerability

When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized even if unused, which...

MGASA-2017-0010 Updated libcryptopp packages fix security vulnerability

When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized even if unused, which...

MGASA-2016-0333 Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information CVE-2016-7420...

Updated libcryptopp packages fix security vulnerability

The libcryptopp package was built with debugging enabled, which could cause a crash due to assertions being turned on and could also cause core files to be generated containing sensitive information CVE-2016-7420...

Mageia: Security Advisory (MGASA-2016-0147)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libcryptopp packages fix CVE-2016-3995

Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...

MGASA-2016-0147 Updated libcryptopp packages fix CVE-2016-3995

Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing...

Mageia: Security Advisory (MGASA-2015-0317)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key CVE-2015-2141...

MGASA-2015-0317 Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key CVE-2015-2141...

openSUSE Security Update : libcryptopp (openSUSE-2015-504)

libcryptopp was updated to fix one security issue. This security issue was fixed : - CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 did not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allowed...