[SECURITY] [DSA 3939-1] botan1.10 security update

2017-08-1218:35:05

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Debian Security Advisory DSA-3939-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2017 https://www.debian.org/security/faq

Package : botan1.10
CVE ID : CVE-2017-2801

Aleksandar Nikolic discovered that an error in the x509 parser of the
Botan crypto library could result in an out-of-bounds memory read,
resulting in denial of service or an information leak if processing
a malformed certificate.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.10.8-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed
prior to the initial release.

We recommend that you upgrade your botan1.10 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armellibbotan-1.10-0< 1.10.8-2+deb8u2libbotan-1.10-0_1.10.8-2+deb8u2_armel.deb
Debian8powerpcbotan1.10-dbg< 1.10.8-2+deb8u2botan1.10-dbg_1.10.8-2+deb8u2_powerpc.deb
Debian8ppc64elbotan1.10-dbg< 1.10.8-2+deb8u2botan1.10-dbg_1.10.8-2+deb8u2_ppc64el.deb
Debian8kfreebsd-amd64libbotan-1.10-0< 1.10.8-2+deb8u2libbotan-1.10-0_1.10.8-2+deb8u2_kfreebsd-amd64.deb
Debian7armhfbotan1.10-dbg< 1.10.5-1+deb7u3botan1.10-dbg_1.10.5-1+deb7u3_armhf.deb
Debian8amd64botan1.10-dbg< 1.10.8-2+deb8u2botan1.10-dbg_1.10.8-2+deb8u2_amd64.deb
Debian8i386libbotan-1.10-0< 1.10.8-2+deb8u2libbotan-1.10-0_1.10.8-2+deb8u2_i386.deb
Debian8mipsellibbotan-1.10-0< 1.10.8-2+deb8u2libbotan-1.10-0_1.10.8-2+deb8u2_mipsel.deb
Debian8kfreebsd-i386botan1.10-dbg< 1.10.8-2+deb8u2botan1.10-dbg_1.10.8-2+deb8u2_kfreebsd-i386.deb
Debian8amd64libbotan-1.10-0< 1.10.8-2+deb8u2libbotan-1.10-0_1.10.8-2+deb8u2_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	libbotan-1.10-0	< 1.10.8-2+deb8u2	libbotan-1.10-0_1.10.8-2+deb8u2_armel.deb
Debian	8	powerpc	botan1.10-dbg	< 1.10.8-2+deb8u2	botan1.10-dbg_1.10.8-2+deb8u2_powerpc.deb
Debian	8	ppc64el	botan1.10-dbg	< 1.10.8-2+deb8u2	botan1.10-dbg_1.10.8-2+deb8u2_ppc64el.deb
Debian	8	kfreebsd-amd64	libbotan-1.10-0	< 1.10.8-2+deb8u2	libbotan-1.10-0_1.10.8-2+deb8u2_kfreebsd-amd64.deb
Debian	7	armhf	botan1.10-dbg	< 1.10.5-1+deb7u3	botan1.10-dbg_1.10.5-1+deb7u3_armhf.deb
Debian	8	amd64	botan1.10-dbg	< 1.10.8-2+deb8u2	botan1.10-dbg_1.10.8-2+deb8u2_amd64.deb
Debian	8	i386	libbotan-1.10-0	< 1.10.8-2+deb8u2	libbotan-1.10-0_1.10.8-2+deb8u2_i386.deb
Debian	8	mipsel	libbotan-1.10-0	< 1.10.8-2+deb8u2	libbotan-1.10-0_1.10.8-2+deb8u2_mipsel.deb
Debian	8	kfreebsd-i386	botan1.10-dbg	< 1.10.8-2+deb8u2	botan1.10-dbg_1.10.8-2+deb8u2_kfreebsd-i386.deb
Debian	8	amd64	libbotan-1.10-0	< 1.10.8-2+deb8u2	libbotan-1.10-0_1.10.8-2+deb8u2_amd64.deb