40 matches found
MGASA-2020-0308 Updated botan2 packages fix security vulnerability
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...
Updated botan2 packages fix security vulnerability
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...
Fedora: Security Advisory for botan2 (FEDORA-2020-539fd85292)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for botan2 (FEDORA-2020-f9a8f05df5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 31 : botan2 (2020-f9a8f05df5)
Backport patch for 1849743 CBC padding side channel from 2.14.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 32 : botan2 (2020-539fd85292)
Update to 2.14.0 including security fix Side channel during CBC padding. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
[SECURITY] Fedora 31 Update: botan2-2.11.0-3.fc31
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
[SECURITY] Fedora 32 Update: botan2-2.14.0-1.fc32
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
Fedora Update for botan2 FEDORA-2019-e0f5a82082
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: botan2-2.9.0-1.fc29
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
Fedora 29 : botan2 (2019-e0f5a82082)
Update to 2.9.0 including security fix for CVE-2018-20187 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
FreeBSD : botan2 -- Side channel during ECC key generation (d8e7e854-17fa-11e9-bef6-6805ca2fa271)
botan2 developers reports : A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute-force attack on the key somewhat more efficiently than they would otherwise. Found by Jan Jancar usin...
Fedora 28 : botan2 (2018-eaa7de17ae)
Update Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, et...
botan2 -- Side channel during ECC key generation
botan2 developers reports: A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using...
FreeBSD : botan2 -- ECDSA side channel (7762d7ad-2e38-41d2-9785-c51f653ba8bd)
botan2 developers report : A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group. Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected. C Tenable Network Security, Inc. The descriptive text and...
Fedora Update for botan2 FEDORA-2018-98ab6b4e56
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for botan2 FEDORA-2018-eaa7de17ae
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : botan2 (2018-98ab6b4e56)
Update Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, et...
[SECURITY] Fedora 27 Update: botan2-2.7.0-1.fc27
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
botan2 -- ECDSA side channel
botan2 developers report: A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group. Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected...