{"affected":[{"ecosystem_specific":{"binaries":[{"libmbedcrypto3":"2.16.9-bp152.2.3.1","libmbedcrypto3-64bit":"2.16.9-bp152.2.3.1","libmbedtls12":"2.16.9-bp152.2.3.1","libmbedtls12-64bit":"2.16.9-bp152.2.3.1","libmbedx509-0":"2.16.9-bp152.2.3.1","libmbedx509-0-64bit":"2.16.9-bp152.2.3.1","mbedtls-devel":"2.16.9-bp152.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"mbedtls","purl":"pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.16.9-bp152.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mbedtls fixes the following issues:\n\n- mbedtls was updated to version 2.16.9\n  - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with \n    access to precise enough timing and memory access information (typically an\n    untrusted operating system attacking a secure enclave) to fully recover\n    an ECDSA private key (boo#1181468).\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","id":"openSUSE-SU-2021:0397-1","modified":"2021-03-09T05:04:58Z","published":"2021-03-09T05:04:58Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/24S6SRIXKQUW53S4LWIAJUR5ZBOCJPEA/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10932"}],"related":["CVE-2020-10932"],"summary":"Security update for mbedtls","upstream":["CVE-2020-10932"]}