FEDORA-2017-7e5ac0896e created by thm 2 years ago for Fedora 25
stable

Version 1.10.17, 2017-10-02

  • Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. (CVE-2017-14737)
  • Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. GH #1192 GH #1148 GH #882
  • Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  • When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  • Fix a bug that prevented configure.py from running under Python3
  • Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against 1.1 or later. GH #753
  • Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms.

Version 1.10.16, 2017-04-04

  • Fix a bug in X509 DN string comparisons that could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results. (CVE-2017-2801)
  • Avoid throwing during a destructor since this is undefined in C++11 and rarely a good idea. GH #930

Version 1.10.15, 2017-01-12

  • Fix a bug causing modular exponentiations done modulo even numbers to almost always be incorrect, unless the values were small. This bug is not known to affect any cryptographic operation in Botan. GH #754
  • Avoid use of C++11 std::to_string in some code added in 1.10.14 GH #747 GH #834

How to install

sudo dnf upgrade --advisory=FEDORA-2017-7e5ac0896e

This update has been submitted for testing by thm.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

thm edited this update.

New build(s):

  • botan-1.10.17-1.fc25

Removed build(s):

  • botan-1.10.16-1.fc25

Karma has been reset.

2 years ago

This update has been submitted for testing by thm.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by thm.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1441126 CVE-2017-2801 botan: Incorrect comparison in X.509 DN strings
0
0
BZ#1441129 CVE-2017-2801 botan: Incorrect comparison in X.509 DN strings [fedora-all]
0
0
BZ#1496368 CVE-2017-14737 botan: cryptographic cache-based side channel in the RSA implementation
0
0
BZ#1496370 CVE-2017-14737 botan: cryptographic cache-based side channel in the RSA implementation [fedora-all]
0
0

Automated Test Results