FEDORA-2017-523f6a613d

security update in Fedora 27 for botan

Status: stable 2 years ago

Version 1.10.17, 2017-10-02

  • Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. (CVE-2017-14737)
  • Work around a miscompilation bug in GCC 7 on x86-32 affecting the GOST-34.11 hash function. GH #1192 GH #1148 GH #882
  • Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  • When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  • Fix a bug that prevented configure.py from running under Python 3.
  • Botan 1.10.x does not support the OpenSSL 1.1 API. The build will now #error if OpenSSL 1.1 is detected. Avoid --with-openssl if compiling against 1.1 or later. GH #753
  • Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-523f6a613d

Comments 6

This update has been submitted for testing by thm.

This update has been pushed to testing.

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by thm.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 2

#1496368 CVE-2017-14737 botan: cryptographic cache-based side channel in the RSA implementation
#1496370 CVE-2017-14737 botan: cryptographic cache-based side channel in the RSA implementation [fedora-all]