Bug 9255

Summary: libtomcrypt security vulnerability (CVE-2018-12437)
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: andrey.bondrov, denis.silakov, mc2374
Version: All
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2018-0339.html
Whiteboard:
Platform: ---
ROSA Vulnerability identifier: CVE-2018-12437
RPM Package: libtomcrypt-1.18.1-1.src.rpm
ISO-related:
Bad POT generating:
Upstream:
Bug Depends on: 9329
Bug Blocks:

Description Zombie Ryushu 2018-08-21 19:50:23 MSK
libtomcrypt has been updated to secure it against two security
vulnerabilities.

A problem in the ASN.1 parser could cause a stack overflow and a resulting
denial of service when parsing deeply recursive ASN.1 types (CVE-2018-0739).

An attacker capable of triggering signatures and mounting a side channel
attack against a victim can extract an ECDSA key in a practical amount
of time (CVE-2018-12437).
Comment 1 Giovanni Mariani 2018-09-15 23:22:08 MSK
Working on an updated package...
Comment 2 Giovanni Mariani 2018-09-16 18:51:59 MSK
Built new package and requested QA...
Comment 3 Giovanni Mariani 2018-10-04 19:24:17 MSK
New packages published: closing.