1 |
type: security |
2 |
subject: Updated libcryptopp packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2021-40530 |
5 |
src: |
6 |
8: |
7 |
core: |
8 |
- libcryptopp-8.2.0-2.1.mga8 |
9 |
description: | |
10 |
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery |
11 |
because, during interaction between two cryptographic libraries, a certain |
12 |
dangerous combination of the prime defined by the receiver's public key, the |
13 |
generator defined by the receiver's public key, and the sender's ephemeral |
14 |
exponents can lead to a cross-configuration attack against OpenPGP. |
15 |
(CVE-2021-40530) |
16 |
references: |
17 |
- https://bugs.mageia.org/show_bug.cgi?id=29529 |
18 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/ |
19 |
ID: MGASA-2021-0468 |