Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3565-1:4C8EB
HistoryMay 02, 2016 - 1:02 p.m.

[SECURITY] [DSA 3565-1] botan1.10 security update

2016-05-0213:02:16
lists.debian.org
11

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON

Debian Security Advisory DSA-3565-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
May 02, 2016 https://www.debian.org/security/faq

Package : botan1.10
CVE ID : CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194
CVE-2016-2195 CVE-2016-2849
Debian Bug : 817932 822698

Several security vulnerabilities were found in botan1.10, a C++
library which provides support for many common cryptographic
operations, including encryption, authentication, X.509v3 certificates
and CRLs.

CVE-2015-5726
The BER decoder would crash due to reading from offset 0 of an
empty vector if it encountered a BIT STRING which did not contain
any data at all. This can be used to easily crash applications
reading untrusted ASN.1 data, but does not seem exploitable for
code execution.

CVE-2015-5727
The BER decoder would allocate a fairly arbitrary amount of memory
in a length field, even if there was no chance the read request
would succeed. This might cause the process to run out of memory or
invoke the OOM killer.

CVE-2015-7827
Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption

CVE-2016-2194
Infinite loop in modular square root algorithm.
The ressol function implementing the Tonelli-Shanks algorithm for
finding square roots could be sent into a nearly infinite loop due
to a misplaced conditional check. This could occur if a composite
modulus is provided, as this algorithm is only defined for primes.
This function is exposed to attacker controlled input via the
OS2ECP function during ECC point decompression.

CVE-2016-2195
Fix Heap overflow on invalid ECC point.

CVE-2016-2849
Use constant time modular inverse algorithm to avoid possible
side channel attack against ECDSA.

For the stable distribution (jessie), these problems have been fixed in
version 1.10.8-2+deb8u1.

We recommend that you upgrade your botan1.10 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-i386libbotan1.10-dev< 1.10.8-2+deb8u1libbotan1.10-dev_1.10.8-2+deb8u1_kfreebsd-i386.deb
Debian8kfreebsd-amd64libbotan-1.10-0< 1.10.8-2+deb8u1libbotan-1.10-0_1.10.8-2+deb8u1_kfreebsd-amd64.deb
Debian8ppc64elbotan1.10-dbg< 1.10.8-2+deb8u1botan1.10-dbg_1.10.8-2+deb8u1_ppc64el.deb
Debian7i386libbotan-1.10-0< 1.10.5-1+deb7u1libbotan-1.10-0_1.10.5-1+deb7u1_i386.deb
Debian7armellibbotan1.10-dev< 1.10.5-1+deb7u1libbotan1.10-dev_1.10.5-1+deb7u1_armel.deb
Debian8s390xbotan1.10-dbg< 1.10.8-2+deb8u1botan1.10-dbg_1.10.8-2+deb8u1_s390x.deb
Debian8mipselbotan1.10-dbg< 1.10.8-2+deb8u1botan1.10-dbg_1.10.8-2+deb8u1_mipsel.deb
Debian8s390xlibbotan1.10-dev< 1.10.8-2+deb8u1libbotan1.10-dev_1.10.8-2+deb8u1_s390x.deb
Debian8powerpclibbotan-1.10-0< 1.10.8-2+deb8u1libbotan-1.10-0_1.10.8-2+deb8u1_powerpc.deb
Debian8amd64libbotan1.10-dev< 1.10.8-2+deb8u1libbotan1.10-dev_1.10.8-2+deb8u1_amd64.deb
Rows per page:
1-10 of 501

Related

openvas 12
nessus 11
debian 2
osv 2
mageia 2
freebsd 3
gentoo 2
fedora 13
archlinux 2
ubuntucve 6
debiancve 6
prion 6
nvd 6
cve 6
cvelist 6
ibm 1
openvas
openvas
Debian Security Advisory DSA 3565-1 (botan1.10 - security update)
2016-05-02 00:00:00
Debian: Security Advisory (DSA-3565-1)
2016-05-01 00:00:00
Debian: Security Advisory (DLA-449-1)
2023-03-08 00:00:00
nessus
nessus
Debian DSA-3565-1 : botan1.10 - security update
2016-05-03 00:00:00
Fedora 22 : botan (2016-fe0d8f126a)
2016-07-14 00:00:00
Fedora 23 : botan (2016-f2aae0dbc5)
2016-07-14 00:00:00
debian
debian
[SECURITY] [DSA 3565-1] botan1.10 security update
2016-05-02 13:02:16
[SECURITY] [DLA 449-1] botan1.10 security update
2016-04-30 11:48:27
osv
osv
botan1.10 - security update
2016-05-02 00:00:00
botan1.10 - security update
2016-04-30 00:00:00
mageia
mageia
Updated botan packages fix security vulnerability
2016-03-08 00:51:48
Updated botan packages fix security vulnerabilities
2016-05-29 16:55:26
freebsd
freebsd
botan -- multiple vulnerabilities
2016-04-28 00:00:00
Botan BER Decoder vulnerabilities
2015-08-03 00:00:00
Multiple vulnerabilities in Botan
2016-02-01 00:00:00
gentoo
gentoo
Botan: Multiple vulnerabilities
2016-12-13 00:00:00
Botan: Multiple vulnerabilities
2017-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: botan-1.10.13-1.fc23
2016-05-15 05:36:49
[SECURITY] Fedora 24 Update: botan-1.10.13-1.fc24
2016-05-07 12:21:54
[SECURITY] Fedora 22 Update: botan-1.10.13-1.fc22
2016-05-16 14:57:35
archlinux
archlinux
botan: multiple issues
2016-02-10 00:00:00
botan: multiple issues
2016-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2015-7827
2016-05-13 00:00:00
CVE-2015-5726
2016-05-13 00:00:00
CVE-2015-5727
2016-05-13 00:00:00
debiancve
debiancve
CVE-2015-7827
2016-05-13 14:59:00
CVE-2015-5726
2016-05-13 14:59:00
CVE-2015-5727
2016-05-13 14:59:00
prion
prion
Code injection
2016-05-13 14:59:00
Open redirect
2016-05-13 14:59:00
Design/Logic Flaw
2016-05-13 14:59:00
nvd
nvd
CVE-2015-5726
2016-05-13 14:59:01
CVE-2015-7827
2016-05-13 14:59:03
CVE-2015-5727
2016-05-13 14:59:02
cve
cve
CVE-2015-7827
2016-05-13 14:59:03
CVE-2015-5726
2016-05-13 14:59:01
CVE-2015-5727
2016-05-13 14:59:02
cvelist
cvelist
CVE-2015-7827
2016-05-13 14:00:00
CVE-2015-5726
2016-05-13 14:00:00
CVE-2015-5727
2016-05-13 14:00:00
ibm
ibm
Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients (CVE-2016-2849).
2019-10-18 03:10:29

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for DEBIAN:DSA-3565-1:4C8EB
openvas12nessus11debian2osv2mageia2freebsd3gentoo2fedora13archlinux2ubuntucve6debiancve6prion6nvd6cve6cvelist6ibm1