Description: The fix for CVE-2020-25657 is not addressing the leakage in the RSA decryption. Because of the API design, the fix is generally not believed to be possible to be fully addressed. The issue can be mitigated by using a cryptographic backend that implements implicit rejection (Marvin workaround). Only applications that use RSA decryption with PKCS#1 v1.5 padding are affected. References: https://gitlab.com/m2crypto/m2crypto/-/issues/342 https://people.redhat.com/~hkario/marvin/ https://github.com/openssl/openssl/pull/13817
Created m2crypto tracking bugs for this issue: Affects: fedora-all [bug 2254436]
Created pywbem tracking bugs for this issue: Affects: fedora-all [bug 2254734] Created virt-who tracking bugs for this issue: Affects: fedora-all [bug 2254735]