Description
Security update for Botan
This update for Botan fixes the following issues:
- CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, which could be used to mount a Bleichenbacher million-message attack (bsc#968030)
- CVE-2016-9132: while decoding BER length fields, an integer overflow could occur, leading to a denial of service (bsc#1013209)
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2017:1305-1
- SUSE Bug 1013209
- SUSE Bug 968030
- SUSE CVE CVE-2015-7827 page
- SUSE CVE CVE-2016-9132 page
Description
Botan before 1.10.13 and 1.11.x before 1.11.22 decode PKCS#1 v1.5 padding in non-constant time, which makes it easier for remote attackers to conduct million-message (Bleichenbacher) attacks by measuring timing differences during padding decoding.
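As an added example for this page (written in C++ because that is Botan's language; it is not Botan's own code), the block below shows the two shapes of EME-PKCS1-v1_5 unpadding the CVE is about: a version with data-dependent early returns, which is exactly what a Bleichenbacher oracle measures, beside a constant-time version that scans the whole block, folds every failure into a single mask, locates the separator with selects, and copies the message with a memory access pattern that does not depend on where the separator sits. All function names, the `0xAA` padding byte used by the test-vector builder and the test vectors themselves are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Masks are 0xFF (true) or 0x00 (false) so checks combine with bitwise
// operations instead of data-dependent branches.
static uint8_t ct_eq8(uint8_t a, uint8_t b) {
    uint32_t x = static_cast<uint32_t>(a ^ b);          // 0 iff a == b
    return static_cast<uint8_t>(0u - ((x - 1) >> 31));  // (x-1)>>31 is 1 iff x == 0
}
static uint8_t ct_eq_sz(size_t a, size_t b) {
    uint64_t x = static_cast<uint64_t>(a) ^ static_cast<uint64_t>(b);
    return static_cast<uint8_t>(0u - ((~x & (x - 1)) >> 63));  // 1 iff x == 0
}
static uint8_t ct_ge_sz(size_t a, size_t b) {           // a >= b, for a, b < 2^63
    uint64_t lt = (static_cast<uint64_t>(a) - static_cast<uint64_t>(b)) >> 63;
    return static_cast<uint8_t>(~(0u - lt));
}
static size_t ct_select_sz(uint8_t mask, size_t a, size_t b) {  // mask ? a : b
    uint64_t m = 0u - static_cast<uint64_t>(mask & 1u);
    return static_cast<size_t>((a & m) | (b & ~m));
}

struct Unpadded {
    bool valid;                 // padding well-formed
    size_t len;                 // message length, 0 unless valid
    std::vector<uint8_t> msg;   // k-11 slots; the first len hold the message
};

// Shape of the flaw behind CVE-2015-7827: every check returns early, so the
// time taken (and the error raised) tells an oracle which check failed.
static bool pkcs1_unpad_leaky(const std::vector<uint8_t>& em, std::string& out) {
    const size_t k = em.size();
    if (k < 11 || em[0] != 0x00 || em[1] != 0x02) return false;
    size_t i = 2;
    while (i < k && em[i] != 0x00) ++i;     // runtime grows with the PS length
    if (i == k || i < 10) return false;     // no separator / PS shorter than 8
    out.assign(em.begin() + i + 1, em.end());
    return true;
}

// Hardened form: scan the whole block, fold every failure into one mask,
// locate the separator with selects, and copy with a fixed access pattern.
static Unpadded pkcs1_unpad_ct(const std::vector<uint8_t>& em) {
    const size_t k = em.size();             // modulus size: public, may branch
    Unpadded r{false, 0, std::vector<uint8_t>(k >= 11 ? k - 11 : 0, 0)};
    if (k < 11) return r;
    uint8_t bad = 0;
    bad |= ~ct_eq8(em[0], 0x00);
    bad |= ~ct_eq8(em[1], 0x02);
    size_t sep = 0;                         // index of the 0x00 separator
    uint8_t found = 0;
    for (size_t i = 2; i < k; ++i) {
        uint8_t is_zero = ct_eq8(em[i], 0x00);
        sep = ct_select_sz(is_zero & ~found, i, sep);   // keep the first zero
        found |= is_zero;
    }
    bad |= ~found;                          // no separator at all
    bad |= ~ct_ge_sz(sep, 10);              // PS must be at least 8 bytes
    // Every output slot inspects every input byte, so memory accesses do not
    // depend on where the separator was.
    for (size_t j = 0; j < r.msg.size(); ++j) {
        uint8_t v = 0;
        for (size_t i = 2; i < k; ++i) v |= em[i] & ct_eq_sz(i, sep + 1 + j);
        r.msg[j] = v;
    }
    r.len = ct_select_sz(bad, 0, k - sep - 1);
    r.valid = (bad == 0);
    return r;
}

// Test vector: 00 02 || PS || 00 || msg, k bytes, PS filled with 0xAA. A PS
// shorter than 8 bytes is allowed here on purpose so that check can be hit.
static std::vector<uint8_t> make_em(size_t k, const std::string& msg) {
    std::vector<uint8_t> em(k, 0xAA);
    em[0] = 0x00; em[1] = 0x02;
    em[k - msg.size() - 1] = 0x00;
    for (size_t i = 0; i < msg.size(); ++i) em[k - msg.size() + i] = msg[i];
    return em;
}
static std::string recovered(const Unpadded& r) {
    return r.valid ? std::string(r.msg.begin(), r.msg.begin() + r.len) : "";
}
static std::string leaky_recovered(const std::vector<uint8_t>& em) {
    std::string out;
    return pkcs1_unpad_leaky(em, out) ? out : "";
}

int main() {
    std::vector<uint8_t> em = make_em(20, "hello");
    Unpadded r = pkcs1_unpad_ct(em);
    std::printf("valid=%d len=%zu msg=%s\n", r.valid, r.len, recovered(r).c_str());
    em[1] = 0x01;                           // wrong block type: still a full scan
    std::printf("tampered valid=%d\n", pkcs1_unpad_ct(em).valid);
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the constant-time routine only removes the oracle inside the decoder; the caller must not branch observably on `valid` either (TLS RSA key exchange, for instance, substitutes a random premaster secret instead of aborting). Second, a C++ compiler is free to turn mask arithmetic back into branches, so code like this still needs to be checked on the target toolchain with a timing-measurement tool rather than trusted by inspection.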
Affected products
References
- CVE-2015-7827
- SUSE Bug 968030
Description
In Botan 1.8.0 through 1.11.33, an integer overflow could occur while decoding BER data, causing an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker-controlled) length field in a way that later causes memory corruption or other failure.
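As an added example for this page (C++, not Botan's own decoder), the block below contrasts a BER length decoder that trusts the long-form byte count and lets the accumulator wrap with one that bounds the byte count before accumulating and refuses any length that claims more content than the buffer holds. Function names, the `BerLength` struct and the constructed sample encodings are assumptions of this example; the check against the remaining buffer assumes the caller knows how many bytes follow the header, which a streaming decoder must bound some other way.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct BerLength {
    bool definite;     // false for the indefinite form (first byte 0x80)
    size_t value;      // content length in bytes (definite form only)
    size_t header_len; // bytes consumed by the length field itself
};

// Shape of the flaw behind CVE-2016-9132: the byte count in a long-form
// header is trusted as-is, so more than sizeof(size_t) length bytes shift
// the leading bytes out of the accumulator and a large, attacker-chosen
// length silently turns into a small one.
static bool ber_length_naive(const std::vector<uint8_t>& in, BerLength& out) {
    if (in.empty()) return false;
    const uint8_t b = in[0];
    if (b < 0x80) { out = {true, b, 1}; return true; }     // short form
    if (b == 0x80) { out = {false, 0, 1}; return true; }   // indefinite form
    const size_t n = b & 0x7F;                             // up to 127 bytes
    if (in.size() < 1 + n) return false;
    size_t len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | in[1 + i];  // wraps
    out = {true, len, 1 + n};
    return true;
}

// Hardened form: bound the number of length bytes before accumulating, and
// refuse any length that claims more content than the buffer holds, so a
// caller is never handed an attacker-controlled length it cannot satisfy.
static bool ber_length_checked(const std::vector<uint8_t>& in, BerLength& out) {
    if (in.empty()) return false;
    const uint8_t b = in[0];
    if (b < 0x80) { out = {true, b, 1}; return true; }
    if (b == 0x80) { out = {false, 0, 1}; return true; }
    const size_t n = b & 0x7F;
    if (n == 0x7F) return false;                 // reserved by X.690
    if (n > sizeof(size_t)) return false;        // cannot fit: reject, never wrap
    if (in.size() < 1 + n) return false;         // truncated header
    size_t len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | in[1 + i];  // n <= sizeof(size_t)
    if (len > in.size() - (1 + n)) return false; // more content claimed than present
    out = {true, len, 1 + n};
    return true;
}

// Constructed inputs for the demonstration.
static std::vector<uint8_t> short_sample() { return {0x05, 'a', 'b', 'c', 'd', 'e'}; }
static std::vector<uint8_t> long_sample() {          // 0x82 01 00 = 256 bytes
    std::vector<uint8_t> v{0x82, 0x01, 0x00};
    v.resize(v.size() + 256, 0x41);
    return v;
}
static std::vector<uint8_t> overflow_sample() {      // 9 length bytes
    // 0xFF followed by eight bytes: with a 64-bit (or 32-bit) size_t the 0xFF
    // is shifted out and the naive decoder reports a length of 5.
    std::vector<uint8_t> v{0x89, 0xFF, 0, 0, 0, 0, 0, 0, 0, 0x05};
    v.resize(v.size() + 5, 0x41);
    return v;
}

// -1: rejected, -2: indefinite form, otherwise the decoded length.
static long long naive_len(const std::vector<uint8_t>& in) {
    BerLength l{};
    if (!ber_length_naive(in, l)) return -1;
    return l.definite ? static_cast<long long>(l.value) : -2;
}
static long long checked_len(const std::vector<uint8_t>& in) {
    BerLength l{};
    if (!ber_length_checked(in, l)) return -1;
    return l.definite ? static_cast<long long>(l.value) : -2;
}

int main() {
    std::printf("naive:   overflow sample -> %lld\n", naive_len(overflow_sample()));
    std::printf("checked: overflow sample -> %lld\n", checked_len(overflow_sample()));
    std::printf("checked: long sample     -> %lld\n", checked_len(long_sample()));
    return 0;
}
```

The naive decoder is not wrong about any single byte; the damage is that it returns success with a length the attacker chose, and whatever the caller does with that length (allocate, copy, seek) happens on the attacker's terms. Rejecting the header outright is the only safe answer once the encoded length cannot be represented, and checking the decoded length against what is actually available closes the remaining gap for callers that would otherwise read past the object.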
Affected products
References
- CVE-2016-9132
- SUSE Bug 1013209