ALT-BU-2021-4030-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2023-00604
Уязвимость функции mbedtls_mpi_exp_mod() (lignum.c) программного обеспечения Mbed TLS, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
- https://github.com/ARMmbed/mbedtls/releases/
- https://github.com/ARMmbed/mbedtls/releases/
- https://kouzili.com/Load-Step.pdf
- https://kouzili.com/Load-Step.pdf
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
Package lightdm-gtk-greeter updated to version 2.0.7-alt8 for branch sisyphus in task 277880.
Closed bugs
lightdm-gtk-greeter FTBFS
Package libxdg-basedir updated to version 1.2.3-alt1 for branch sisyphus in task 278037.
Closed bugs
Прошу пересобрать libxdg-basedir