951441 – (CVE-2024-45191, CVE-2024-45192, CVE-2024-45193) dev-libs/olm: multiple vulenrabilities

Bug 951441 (CVE-2024-45191, CVE-2024-45192, CVE-2024-45193) - dev-libs/olm: multiple vulenrabilities

Summary: dev-libs/olm: multiple vulenrabilities

Status:	CONFIRMED

Alias:	CVE-2024-45191, CVE-2024-45192, CVE-2024-45193

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://soatok.blog/2024/08/14/securi...
Whiteboard:	B3 [?]
Keywords:

Depends on:
Blocks:

Reported:	2025-03-15 21:58 UTC by Petr Vaněk
Modified:	2025-03-15 22:06 UTC (History)
CC List:	2 users (show)

See Also:	951438
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Vaněk gentoo-dev

2025-03-15 21:58:22 UTC

CVE-2024-45191 - AES implementation is vulnerable to cache-timing attacks
CVE-2024-45192 - Timing leakage in base64 decoding of private key material
CVE-2024-45193 - Ed25519 signatures are malleable

Comment 1 Petr Vaněk gentoo-dev

2025-03-15 22:06:43 UTC

Upstream is deprecated [1]. The package has two rev-deps in ::gentoo tree currently.

[1] https://gitlab.matrix.org/matrix-org/olm#important-libolm-is-now-deprecated