Mehrere Probleme in botan
ID: | FEDORA-2016-fe0d8f126a |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Mo, 16. Mai 2016, 18:09 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2849 |
Applikationen: | botan |
Originalnachricht |
|
Name : botan Product : Fedora 22 Version : 1.10.13 Release : 1.fc22 URL : http://botan.randombit.net/ Summary : Crypto library written in C++ Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. -------------------------------------------------------------------------------- Update Information: From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1311989 - CVE-2015-7827 botan: PKCS #1 decoding not in constant time https://bugzilla.redhat.com/show_bug.cgi?id=1311989 [ 2 ] Bug #1330875 - CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29 https://bugzilla.redhat.com/show_bug.cgi?id=1330875 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update botan' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org |