Sicherheit: Zahlenüberlauf in botan
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in botan
ID: FEDORA-2016-3b59109c48
Distribution: Fedora
Plattformen: Fedora 25
Datum: Do, 22. Dezember 2016, 22:04
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9132
Applikationen: botan


Name        : botan
Product : Fedora 25
Version : 1.10.14
Release : 3.fc25
URL : http://botan.randombit.net/
Summary : Crypto library written in C++
Description :
Botan is a BSD-licensed crypto library written in C++. It provides a
wide variety of basic cryptographic algorithms, X.509 certificates and
CRLs, PKCS \#10 certificate requests, a filter/pipe message processing
system, and a wide variety of other features, all written in portable
C++. The API reference, tutorial, and examples may help impart the
flavor of the library.

Update Information:

### Botan 1.10.14 ### * NOTE WELL: Botan 1.10.x is supported for security
patches only until 2017-12-31 * Fix integer overflow during BER decoding, found
by Falko Strenzke. This bug is not thought to be directly exploitable but
upgrading ASAP is advised. (CVE-2016-9132) * Fix two cases where (in error
situations) an exception would be thrown from a destructor, causing a call to
std::terminate. * When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)

[ 1 ] Bug #1400894 - CVE-2016-9132 botan: Integer overflow in BER decoder

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade botan' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten