
openSUSE 15.5: 2023:4060-1 Moderate: Rage-Encryption Cipher Threat

opensuse
October 12, 2023
Patch released for rage-encryption addressing a chosen ciphertext attack vulnerability in aes-gcm on openSUSE, rated moderate.

Description

This update for rage-encryption fixes the following issues:

- CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657)

* update vendor.tar.zst to contain aes-gcm >= 0.10.3
* Update to version 0.9.2+0:
  * CI: Ensure `apt` repository is up-to-date before installing build deps
  * CI: Build Linux releases using `ubuntu-20.04` runner
  * CI: Remove most uses of `actions-rs` actions
* Update to version 0.9.2+0:
  * Fix changelog bugs and add missing entry
  * Document `PINENTRY_PROGRAM` environment variable
  * age: Add `Decryptor::new_async_buffered`
  * age: `impl AsyncBufRead for ArmoredReader`
  * Pre-initialize vectors when the capacity is known, or use arrays
  * Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
  * Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
  * cargo update
  * cargo vet prune
  * Migrate to `cargo-vet 0.7`
  * build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1

*...
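The dependency fix listed above (aes-gcm >= 0.10.3 in the vendored crates) can be checked in other Rust source trees by reading their `Cargo.lock`. The following Python script is an added example, not code from the SUSE advisory or the rage project; its function names and the sample lock file are constructed for illustration, and it assumes the standard `[[package]]` lock file layout.

```python
import sys

# aes-gcm release the advisory says vendor.tar.zst must contain (trailing 1 = final release)
FIXED = (0, 10, 3, 1)

# Constructed sample input, not taken from the rage-encryption source tree.
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "aes"
version = "0.8.3"

[[package]]
name = "aes-gcm"
version = "0.10.2"
dependencies = [
 "aead",
 "aes",
]
'''

def version_key(version):
    """Sortable key: numeric core plus 0 for a pre-release, 1 for a final release."""
    core = version.partition("+")[0]          # build metadata does not affect ordering
    core, dash, _ = core.partition("-")       # anything after '-' marks a pre-release
    return tuple(int(p) for p in core.split(".")) + (0 if dash else 1,)

def locked_versions(lock_text, crate):
    """Return every locked version of `crate`; a lock file may pin several."""
    found = []
    for block in lock_text.split("[[package]]")[1:]:
        fields = {}
        for line in block.splitlines():
            key, eq, value = line.partition(" = ")
            if eq and key in ("name", "version"):
                fields.setdefault(key, value.strip().strip('"'))
        if fields.get("name") == crate and "version" in fields:
            found.append(fields["version"])
    return found

def below_fixed(lock_text, crate="aes-gcm", fixed=FIXED):
    """Locked versions of `crate` older than the release named in the advisory."""
    return [v for v in locked_versions(lock_text, crate) if version_key(v) < fixed]

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOCK
    stale = below_fixed(text)
    print("aes-gcm below 0.10.3:", ", ".join(stale) if stale else "none")
    sys.exit(1 if stale else 0)
```

Run it with the path to a `Cargo.lock`; the non-zero exit status on a stale entry makes it usable as a CI gate.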


Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5: `zypper in -t patch SUSE-2023-4060=1 openSUSE-SLE-15.5-2023-4060=1`

* Basesystem Module 15-SP5: `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4060=1`

Package List

* openSUSE Leap 15.5 (aarch64 x86_64)
  * rage-encryption-0.9.2+0-150500.3.3.1
  * rage-encryption-debuginfo-0.9.2+0-150500.3.3.1
* openSUSE Leap 15.5 (noarch)
  * rage-encryption-zsh-completion-0.9.2+0-150500.3.3.1
  * rage-encryption-bash-completion-0.9.2+0-150500.3.3.1
  * rage-encryption-fish-completion-0.9.2+0-150500.3.3.1
* Basesystem Module 15-SP5 (aarch64 x86_64)
  * rage-encryption-0.9.2+0-150500.3.3.1
  * rage-encryption-debuginfo-0.9.2+0-150500.3.3.1
* Basesystem Module 15-SP5 (noarch)
  * rage-encryption-bash-completion-0.9.2+0-150500.3.3.1

References

* #1215657

## References:

* https://www.suse.com/security/cve/CVE-2023-42811.html

* https://bugzilla.suse.com/show_bug.cgi?id=1215657

Announcement ID: SUSE-SU-2023:4060-1
Rating: moderate
