Fedora 28 : libtomcrypt (2018-9d667bdff8)
Medium Nessus Plugin ID 120655
SynopsisThe remote Fedora host is missing a security update.
Description- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
- Fix two-key 3DES (PR #390)
- Fix accelerated CTR mode (PR #359)
- Fix Fortuna PRNG (PR #363)
- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
- Fix build on platforms where the compiler provides
__WCHAR_MAX__ but wchar.h is not available (PR #390)
- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libtomcrypt package.