Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Fedora » botan 1.10.13 updates

botan 1.10.13 updates

From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827).

  • Vendor: Fedora
  • Vendor ID: FEDORA-2016-fe0d8f126a
  • Date: May 16, 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-fe0d8f126a
2016-05-16 14:06:57.684875
--------------------------------------------------------------------------------

Name : botan
Product : Fedora 22
Version : 1.10.13
Release : 1.fc22
URL : http://botan.randombit.net/
Summary : Crypto library written in C++
Description :
Botan is a BSD-licensed crypto library written in C++. It provides a
wide variety of basic cryptographic algorithms, X.509 certificates and
CRLs, PKCS \#10 certificate requests, a filter/pipe message processing
system, and a wide variety of other features, all written in portable
C++. The API reference, tutorial, and examples may help impart the
flavor of the library.

--------------------------------------------------------------------------------
Update Information:

From the upstream release notes: Botan 1.10.13 has been released backporting
some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1
RSA decryption (CVE-2015-7827).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1311989 - CVE-2015-7827 botan: PKCS #1 decoding not in constant time
https://bugzilla.redhat.com/show_bug.cgi?id=1311989
[ 2 ] Bug #1330875 - CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29
https://bugzilla.redhat.com/show_bug.cgi?id=1330875
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update botan' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/package-announ...

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »