VDB

GCVE-110-MAGEIA-2016-147

GCVE-110-MAGEIA-2016-147
Advisory Published
Vulnetix · Advisory published April 25, 2016
Updated libcryptopp packages fix security vulnerability: In libcryptopp, for both Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock there is some code to avoid timing attacks, however it is removed by the compiler due to optimizations, making the binary vulnerable to timing attacks (CVE-2016-3995). This update also corrects some bugs with the package.

Affected Products

VendorProductVersionsPlatforms
Mageialibcryptopp0 (affected), 5.6.3-1.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›