advisories/29529.adv

type: security
subject: Updated libcryptopp packages fix security vulnerability
CVE:
 - CVE-2021-40530
src:
  8:
   core:
     - libcryptopp-8.2.0-2.1.mga8
description: |
  The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery
  because, during interaction between two cryptographic libraries, a certain
  dangerous combination of the prime defined by the receiver's public key, the
  generator defined by the receiver's public key, and the sender's ephemeral
  exponents can lead to a cross-configuration attack against OpenPGP.
  (CVE-2021-40530)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29529
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/
ID: MGASA-2021-0468
1	type: security
2	subject: Updated libcryptopp packages fix security vulnerability
3	CVE:
4	- CVE-2021-40530
5	src:
6	8:
7	core:
8	- libcryptopp-8.2.0-2.1.mga8
9	description: \|
10	The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery
11	because, during interaction between two cryptographic libraries, a certain
12	dangerous combination of the prime defined by the receiver's public key, the
13	generator defined by the receiver's public key, and the sender's ephemeral
14	exponents can lead to a cross-configuration attack against OpenPGP.
15	(CVE-2021-40530)
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=29529
18	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/
19	ID: MGASA-2021-0468