Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 951441 (CVE-2024-45191, CVE-2024-45192, CVE-2024-45193) - dev-libs/olm: multiple vulenrabilities
Summary: dev-libs/olm: multiple vulenrabilities
Status: CONFIRMED
Alias: CVE-2024-45191, CVE-2024-45192, CVE-2024-45193
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://soatok.blog/2024/08/14/securi...
Whiteboard: B3 [?]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-15 21:58 UTC by Petr Vaněk
Modified: 2025-03-15 22:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Vaněk gentoo-dev 2025-03-15 21:58:22 UTC
CVE-2024-45191 - AES implementation is vulnerable to cache-timing attacks
CVE-2024-45192 - Timing leakage in base64 decoding of private key material
CVE-2024-45193 - Ed25519 signatures are malleable
Comment 1 Petr Vaněk gentoo-dev 2025-03-15 22:06:43 UTC
Upstream is deprecated [1]. The package has two rev-deps in ::gentoo tree currently.

[1] https://gitlab.matrix.org/matrix-org/olm#important-libolm-is-now-deprecated