{"affected":[{"ecosystem_specific":{"binaries":[{"libmbedcrypto3":"2.16.9-lp152.2.3.1","libmbedcrypto3-32bit":"2.16.9-lp152.2.3.1","libmbedtls12":"2.16.9-lp152.2.3.1","libmbedtls12-32bit":"2.16.9-lp152.2.3.1","libmbedx509-0":"2.16.9-lp152.2.3.1","libmbedx509-0-32bit":"2.16.9-lp152.2.3.1","mbedtls-devel":"2.16.9-lp152.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"mbedtls","purl":"pkg:rpm/opensuse/mbedtls&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.16.9-lp152.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mbedtls fixes the following issues:\n\n- mbedtls was updated to version 2.16.9\n  - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with \n    access to precise enough timing and memory access information (typically an\n    untrusted operating system attacking a secure enclave) to fully recover\n    an ECDSA private key (boo#1181468).\n","id":"openSUSE-SU-2021:0384-1","modified":"2021-03-05T17:05:02Z","published":"2021-03-05T17:05:02Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXL26ADEMUDQB634BGFJBSDD6LVNPAKC/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10932"}],"related":["CVE-2020-10932"],"summary":"Security update for mbedtls","upstream":["CVE-2020-10932"]}