MGASA-2016-0369

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0369.html

Import Source

https://advisories.mageia.org/MGASA-2016-0369.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0369

Related

CVE-2016-6129

Published

2016-11-06T13:37:17Z

Modified

2016-11-06T13:27:18Z

Summary

Updated libtomcrypt packages fix security vulnerability

Details

It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key (CVE-2016-6129).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libtomcrypt

Package

Name: libtomcrypt
Purl: pkg:rpm/mageia/libtomcrypt?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17-7.1.mga5

Ecosystem specific

{
    "section": "core"
}