-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-fe0d8f126a 2016-05-16 14:06:57.684875 --------------------------------------------------------------------------------
Name : botan Product : Fedora 22 Version : 1.10.13 Release : 1.fc22 URL : http://botan.randombit.net/ Summary : Crypto library written in C++ Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library.
-------------------------------------------------------------------------------- Update Information:
From the upstream release notes: Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA decryption (CVE-2015-7827). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1311989 - CVE-2015-7827 botan: PKCS #1 decoding not in constant time https://bugzilla.redhat.com/show_bug.cgi?id=1311989 [ 2 ] Bug #1330875 - CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29 https://bugzilla.redhat.com/show_bug.cgi?id=1330875 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update botan' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------