FEDORA-2018-98ab6b4e56

security update in Fedora 27 for botan2

Status: stable a month ago

Update Botan2 to 2.7.0.

Focus of this release is on performance and side channel hardening.

  • Address side channels in RSA key generation and ECDSA signing
  • Side channel hardening in many core algorithms (modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, etc) to reduce the risk of future exploitable side channels.
  • Many optimizations for ECC operations, RSA (including key gen), DSA, DH, and XMSS. Typical speedups vs 2.6.0 is 10 to 40% depending on operation and key size.
  • Add Scrypt password hashing. Also supported is using Scrypt to derive keys for private key encryption (format compatible with upcoming OpenSSL 1.1.1)
  • Add base32 encoding/decoding
  • Plus many bug fixes and smaller enhancements documented in the release notes

Comments 6

This update has been submitted for testing by thm.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by thm.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1591831 CVE-2018-12435 botan: memory-cache side-channel attack on ECDSA signatures
#1591163 CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries
#1591833 CVE-2018-12435 botan2: botan: memory-cache side-channel attack on ECDSA signatures [fedora-all]
#1591172 CVE-2018-0495 botan: openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries [fedora-all]
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests Ignored
Submitted by
Update Type
security
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 months ago
in testing 2 months ago
in stable a month ago

Related Bugs 4

00 #1591831 CVE-2018-12435 botan: memory-cache side-channel attack on ECDSA signatures
00 #1591163 CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries
00 #1591833 CVE-2018-12435 botan2: botan: memory-cache side-channel attack on ECDSA signatures [fedora-all]
00 #1591172 CVE-2018-0495 botan: openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries [fedora-all]

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.