Fedora has issued an advisory on October 3: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/ The issue is fixed upstream in 8.6.0. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOCC: (none) => nicolas.salgueroStatus comment: (none) => Fixed upstream in 8.6.0
Suggested advisory: ======================== The updated packages fix a security vulnerability: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. (CVE-2021-40530) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40530 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/ ======================== Updated packages in core/updates_testing: ======================== lib(64)cryptopp8-8.2.0-2.1.mga8 lib(64)cryptopp-devel-8.2.0-2.1.mga8 libcryptopp-progs-8.2.0-2.1.mga8 from SRPM: libcryptopp-8.2.0-2.1.mga8.src.rpm
Assignee: bugsquad => qa-bugsCVE: (none) => CVE-2021-40530Whiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 8.6.0 => (none)Version: Cauldron => 8Status: NEW => ASSIGNED
Source RPM: libcryptopp-8.5.0-1.mga9.src.rpm => libcryptopp-8.2.0-2.mga8.src.rpm
MGA8-64 Plasma on Lenovo B50 No installation issues Ref bug 25759 Comment 6 for testing at CLI: $ cd /usr/share/cryptopp/ $ cryptest v > ~/Documenten/cryptest_v Checked the output file and all tests returned "passed" or "Failed tests = 0" Good enough for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0468.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED