Upstream information

CVE-2018-25099 at MITRE

Description

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.

SUSE information

Overall state of this security issue: Analysis

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1221528 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP5
  • perl-CryptX >= 0.80.0-bp155.2.3.1
 Patchnames:
openSUSE-2024-112
openSUSE Leap 15.5
  • perl-CryptX >= 0.80.0-bp155.2.3.1
 Patchnames:
openSUSE-2024-112
openSUSE Tumbleweed
  • perl-CryptX >= 0.80.0-3.1
 Patchnames:
openSUSE Tumbleweed GA perl-CryptX-0.80.0-3.1

SUSE Timeline for this CVE

CVE page created: Mon Mar 18 07:00:16 2024
CVE page last modified: Sun Apr 21 16:23:56 2024