17 matches found
Debian: Security Advisory (DLA-449-1)
The remote host is missing an update for the Debian...
Mageia: Security Advisory (MGASA-2016-0208)
The remote host is missing an update for the...
Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients (CVE-2016-2849).
Summary: Open Source Botan is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2016-2849. DESCRIPTION: Botan could allow a remote attacker to obtain sensitive information, caused by the failure to use a...
GLSA-201701-23 : Botan: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-23 (Botan: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact: A remote attacker might obtain ECDSA secret keys via a timi...
Fedora 23 : botan (2016-f2aae0dbc5)
From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
Fedora 22 : botan (2016-fe0d8f126a)
From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
FreeBSD : botan -- multiple vulnerabilities (ac0900df-31d0-11e6-8e82-002590263bf5)
Jack Lloyd reports: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
Fedora Update for botan FEDORA-2016-fe0d8f126a
The remote host is missing an update for the...
Updated botan packages fix security vulnerabilities
Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack (CVE-2015-7827). ECDSA and DSA...
CVE-2016-2849
CVE-2016-2849 affects Botan: the library did not use a constant-time algorithm for modular inverse during ECDSA signing, enabling timing side-channel leakage that could reveal ECDSA secret keys. Affected are Botan versions before 1.10.13 and 1.11.x before 1.11.29. Impact is a remote attacker pote...
Fedora 24 : botan-1.10.13-1.fc24 (2016-a545f81683)
From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Debian DSA-3565-1 : botan1.10 - security update
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. - CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector...
[SECURITY] [DSA 3565-1] botan1.10 security update
Debian Security Advisory DSA-3565-1, [email protected], https://www.debian.org/security/, Sebastien Delafond, May 02, 2016, https://www.debian.org/security/faq...
[SECURITY] [DSA 3565-1] botan1.10 security update
Debian Security Advisory DSA-3565-1, [email protected], https://www.debian.org/security/, Sebastien Delafond, May 02, 2016, https://www.debian.org/security/faq...
Debian: Security Advisory (DSA-3565-1)
The remote host is missing an update for the Debian...
DLA-449-1 botan1.10 - security update
Bulletin has no description...
botan: multiple issues
CVE-2016-2849 ECDSA side channel: ECDSA and DSA signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually...