628 matches found
Fedora Update for botan FEDORA-2017-d4248ba346
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2017:2855-1 Security update for Botan
This update for Botan fixes the following issues: This security issue was fixed: - CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation in Botan allowed a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occured because an...
[SECURITY] Fedora 26 Update: botan-1.10.17-1.fc26
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
[ASA-201710-17] botan: information disclosure
Arch Linux Security Advisory ASA-201710-17 ========================================== Severity: Medium Date : 2017-10-12 CVE-ID : CVE-2017-14737 Package : botan Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-416 Summary ======= The package botan before version...
Botan Design Vulnerability
Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in the RSA implementation in Botan versions prior to 1.10.17, 1.11.x and 2.x prior to 2.3.0. A local attacker can exploit this...
CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...
CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...
Design/Logic Flaw
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...
CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...
UBUNTU-CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...
CVE-2017-14737
Botan contains a cache-based side-channel flaw in its RSA implementation that can let a local attacker recover bits of secret exponents used in RSA (and related operations). Affected are Botan versions before 1.10.17, and 1.11.x and 2.x before 2.3.0. The vulnerability arises from indexing a Montg...
CVE-2017-14737
Removed by vendor...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
Summary A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...
MGASA-2017-0327 Updated botan packages fix security vulnerability
Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...
Updated botan packages fix security vulnerability
Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...
MGASA-2017-0321 Updated botan packages fix security vulnerabilities
While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...
Updated botan packages fix security vulnerabilities
While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...
[SECURITY] [DSA 3939-1] botan1.10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3939-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3939-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...