Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#63962 - [mbedtls] <2.16.3 is affected by CVE-2019-16910 (ECDSA implementation is not constant-time)

Attached to Project: Community Packages
Opened by Pascal Ernster (hardfalcon) - Monday, 30 September 2019, 12:42 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 10 March 2020, 16:24 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Kyle Keen (keenerd)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


mbedTLS <2.19.0 and <2.16.3 uses an RNG with insufficient entropy for blinding when when deterministic ECDSA is enabled. This might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. Upstream has released a security advisory with more in-depth information (they seem to have introduced a new functions that software developers are supposed to use instead of the old function):

The changelog for mbedTLS 2.16.3 also lists two additional vulnerabilities:

mbedTLS 2.16.2 fixed an additional security issue (Archlinux currently ships mbedTLS 2.16.0):
This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 10 March 2020, 16:24 GMT
Reason for closing:  Fixed
Comment by Pascal Ernster (hardfalcon) - Monday, 30 September 2019, 12:46 GMT
Sorry, I got the bug title wrong, should have been "ineffective blinding with deterministic ECDSA".