You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa libtomcrypt

Sigurnosni nedostaci programskog paketa libtomcrypt

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-07-19 18:02:50.871311

Name : libtomcrypt
Product : Fedora 28
Version : 1.18.2
Release : 1.fc28
Summary : A comprehensive, portable cryptographic toolkit
Description :
A comprehensive, modular and portable cryptographic toolkit that provides
developers with a vast array of well known published block ciphers, one-way hash
functions, chaining modes, pseudo-random number generators, public key
cryptography and a plethora of other routines.

Designed from the ground up to be very simple to use. It has a modular and
standard API that allows new ciphers, hashes and PRNGs to be added or removed
without change to the overall end application. It features easy to use functions
and a complete user manual which has many source snippet examples.

Update Information:

– Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408) – Fix
potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373) – Fix
two-key 3DES (PR #390) – Fix accelerated CTR mode (PR #359) – Fix Fortuna PRNG
(PR #363) – Fix compilation on platforms where cc doesn’t point to gcc (PR #382)
– Fix using the wrong environment variable LT instead of LIBTOOL (PR #392) – Fix
build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not
available (PR #390) – Fix & re-factor crypt_list_all_sizes() and
crypt_list_all_constants() (PR #414) – Minor fixes (PR’s #350 #351 #375 #377
#378 #379)

* Sun Jul 8 2018 Simone Caronni <> – 1.18.2-1
– Udpate to 1.18.2.
* Wed Apr 18 2018 Simone Caronni <> – 1.18.1-5
– Update build requirement for texlive rebase.
* Mon Apr 9 2018 Rafael Santos <> – 1.18.1-4
– Fix missing Fedora linker flags (bug #1548709)

[ 1 ] Bug #1591906 – CVE-2018-12437 libtomcrypt: memory-cache side-channel attack on ECDSA signatures [epel-all]
[ 2 ] Bug #1591905 – CVE-2018-12437 libtomcrypt: memory-cache side-channel attack on ECDSA signatures [fedora-all]
[ 3 ] Bug #1548709 – libtomcrypt: Partial build flags injection

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-9d667bdff8’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorPetar Bertok
Cert idNCERT-REF-2018-07-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa openslp

Otkriveni su sigurnosni nedostaci u programskom paketu openslp za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...