Security update for libcryptopp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3301-1 Final 1 1 2021-10-06T14:58:42Z current 2021-10-06T14:58:42Z 2021-10-06T14:58:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libcryptopp This update for libcryptopp fixes the following issues: - CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-3301,SUSE-SLE-Module-Basesystem-15-SP2-2021-3301,SUSE-SLE-Module-Basesystem-15-SP3-2021-3301 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213301-1/ Link for SUSE-SU-2021:3301-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009547.html E-Mail link for SUSE-SU-2021:3301-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1015243 SUSE Bug 1015243 https://www.suse.com/security/cve/CVE-2016-9939/ SUSE CVE CVE-2016-9939 page SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 libcryptopp-devel-5.6.5-1.6.1 libcryptopp5_6_5-5.6.5-1.6.1 libcryptopp5_6_5-32bit-5.6.5-1.6.1 libcryptopp5_6_5-64bit-5.6.5-1.6.1 libcryptopp-devel-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libcryptopp5_6_5-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libcryptopp-devel-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libcryptopp5_6_5-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. CVE-2016-9939 SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp-devel-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp5_6_5-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp-devel-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp5_6_5-5.6.5-1.6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213301-1/ https://www.suse.com/security/cve/CVE-2016-9939.html CVE-2016-9939 https://bugzilla.suse.com/1015243 SUSE Bug 1015243