[SECURITY] Fedora 24 Update: botan-1.10.13-1.fc24
updates at fedoraproject.org
updates at fedoraproject.org
Sat May 7 12:21:54 UTC 2016
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-a545f81683
2016-05-07 11:36:53.840016
--------------------------------------------------------------------------------
Name : botan
Product : Fedora 24
Version : 1.10.13
Release : 1.fc24
URL : http://botan.randombit.net/
Summary : Crypto library written in C++
Description :
Botan is a BSD-licensed crypto library written in C++. It provides a
wide variety of basic cryptographic algorithms, X.509 certificates and
CRLs, PKCS \#10 certificate requests, a filter/pipe message processing
system, and a wide variety of other features, all written in portable
C++. The API reference, tutorial, and examples may help impart the
flavor of the library.
--------------------------------------------------------------------------------
Update Information:
>From the upstream release notes: Botan 1.10.13 has been released backporting
some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1
RSA decryption (CVE-2015-7827).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311989 - CVE-2015-7827 botan: PKCS #1 decoding not in constant time
https://bugzilla.redhat.com/show_bug.cgi?id=1311989
[ 2 ] Bug #1330875 - CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29
https://bugzilla.redhat.com/show_bug.cgi?id=1330875
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update botan' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list