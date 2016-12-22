Name : botan

Product : Fedora 24

Version : 1.10.14

Release : 3.fc24

URL : http://botan.randombit.net/

Summary : Crypto library written in C++

Description :

Botan is a BSD-licensed crypto library written in C++. It provides a

wide variety of basic cryptographic algorithms, X.509 certificates and

CRLs, PKCS \#10 certificate requests, a filter/pipe message processing

system, and a wide variety of other features, all written in portable

C++. The API reference, tutorial, and examples may help impart the

flavor of the library.



-------------------------------------------------------------------------------

-

Update Information:



### Botan 1.10.14 ### * NOTE WELL: Botan 1.10.x is supported for security

patches only until 2017-12-31 * Fix integer overflow during BER decoding, found

by Falko Strenzke. This bug is not thought to be directly exploitable but

upgrading ASAP is advised. (CVE-2016-9132) * Fix two cases where (in error

situations) an exception would be thrown from a destructor, causing a call to

std::terminate. * When RC4 is disabled in the build, also prevent it from being

included in the OpenSSL provider. (GH #638)

-------------------------------------------------------------------------------

-

References:



[ 1 ] Bug #1400894 - CVE-2016-9132 botan: Integer overflow in BER decoder

https://bugzilla.redhat.com/show_bug.cgi?id=1400894

-------------------------------------------------------------------------------

-



-------------------------------------------------------------------------------

-

