SUSE Package Hub - openSUSE-2021-397

Update Info

openSUSE-2021-397

Security update for mbedtls

Type: security

Severity: moderate

Issued: 2021-03-09

Description:

This update for mbedtls fixes the following issues:

- mbedtls was updated to version 2.16.9
  - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with 
    access to precise enough timing and memory access information (typically an
    untrusted operating system attacking a secure enclave) to fully recover
    an ECDSA private key (boo#1181468).

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-10932
Bugzilla: 1181468 VUL-0: CVE-2020-10932: mbedtls: side channel attack possibly leading to information disclosure

Packages

mbedtls-2.16.9-bp152.2.3.1