openSUSE-SU-2021:1355-1

Details

This update for mbedtls fixes the following issues:

CVE-2021-24119: Fixed side-channel vulnerability in base64 PEM [boo#1189589]

Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code.

This update was imported from the openSUSE:Leap:15.2:Update update project.

Affected Packages

libmbedcrypto3

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

libmbedcrypto3-64bit

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

libmbedtls12

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

libmbedtls12-64bit

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

libmbedx509-0

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

libmbedx509-0-64bit

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

mbedtls

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

mbedtls-devel

SUSE Package Hub 15 SP2

Fixed in:

2.16.9-bp152.2.6.1

References