Summary: | <dev-libs/botan-{1.10.13,1.11.29}: two vulnerabilities (CVE-2016-2849,2850) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | alonbl, crypto+disabled, lloyd, proxy-maint |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1330875 | | |
Whiteboard: | B3 [glsa cve] | | |
Package list: | dev-libs/botan-1.10.13 | | |
Runtime testing required: | --- | | |
Description

Agostino Sarubbo 2016-04-27 08:26:13 UTC

botan-1.11.29 in tree. Lots of changes, we will have to wait for a while before stabilizing.

Thomas Deutschmann (comment #2):

@ Maintainer(s): Can we please get a status update? The mask from 2013-09-13 is still in place, so it looks like no progress was made.

(In reply to Thomas Deutschmann from comment #2)
> @ Maintainer(s): Can we please get a status update? The mask from
> 2013-09-13 is still in place, so it looks like no progress was made.

Question... The Botan site lists:

Current Development Work (1.11)
Old Stable Series (1.10)

I do not entirely understand what "old stable series" is. There is a release of 1.10.13 that fixes some of the CVEs; is this sufficient to make it stable?

---
https://botan.randombit.net/news.html#version-1-10-13-2016-04-23

Version 1.10.13, 2016-04-23

Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
---

Otherwise we will stabilize the latest. Thanks!

@ Maintainer(s): For security it is enough to stabilize =dev-libs/botan-1.10.13. The v1.11 branch was never stable. But if you want, we can stabilize =dev-libs/botan-1.11.33; then you have to clean up previous versions, so make sure that v1.11.x works for all consumers... Please let us know if you have decided how to proceed.

OK, let's stabilize dev-libs/botan-1.10.13. Thanks!

amd64 stable

x86 stable

CVE-2016-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2849): Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

sparc stable

ppc stable

ppc64 stable

Stable for HPPA.

GLSA Vote: Yes. The possibility that an attacker could recover the ECDSA secret key warrants a GLSA.

New GLSA request filed.

Thomas Deutschmann (comment #13):

@ Maintainer(s): Please drop =dev-libs/botan-1.10.12!

(In reply to Thomas Deutschmann from comment #13)
> @ Maintainer(s): Please drop =dev-libs/botan-1.10.12!

Done.

@ Maintainer(s): Thank you!

This issue was resolved and addressed in GLSA 201701-23 at https://security.gentoo.org/glsa/201701-23 by GLSA coordinator Aaron Bauman (b-man).
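The CVE-2016-2849 description quoted in the thread names the leak precisely: the modular inverse of the ECDSA nonce k was not computed in constant time. The following is an added illustration, written for this page and not taken from Botan or from the bug, of the two shapes that inverse can take. It uses the secp256k1 group order as a realistic 256-bit prime modulus and a few constructed nonces (both are assumptions for the example). Extended Euclid runs a k-dependent number of loop iterations, which is exactly what an attacker measures; Fermat inversion k^(n-2) mod n branches only on bits of the public exponent, so its operation sequence is identical for every nonce. The caveat matters: the Fermat version fixes the control-flow channel only, and Python's big-integer multiplication is itself not constant-time, so the code demonstrates the structure of the fix, not a constant-time implementation.

```python
import hashlib
from typing import List, Tuple

# Constructed example, not Botan's code: the two shapes of modular inverse
# behind CVE-2016-2849. The modulus is the secp256k1 group order, chosen only
# as a realistic 256-bit odd prime; the nonces further down are made up.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inverse_euclid(k: int, n: int) -> Tuple[int, int]:
    """Extended Euclid. Returns (k^-1 mod n, loop iterations).

    The iteration count, and the quotients inside each iteration, depend on
    k. For an ECDSA nonce that is a timing channel: a short k finishes in a
    handful of steps, a full-size k in well over a hundred.
    """
    old_r, r = k % n, n
    old_s, s = 1, 0
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        steps += 1
    if old_r != 1:
        raise ValueError("k is not invertible modulo n")
    return old_s % n, steps


def inverse_fermat(k: int, n: int) -> Tuple[int, int]:
    """k^(n-2) mod n for prime n (Fermat). Returns (k^-1 mod n, multiplications).

    The exponent n-2 is public, so every branch below depends on n and never
    on k: the sequence of squarings and multiplications is the same for all
    nonces. This removes the control-flow leak only; the multiplications
    themselves must also be constant-time, which Python's ints do not give.
    """
    e = n - 2
    base = k % n
    acc = 1
    mults = 0
    for bit in range(e.bit_length() - 1, -1, -1):
        acc = acc * acc % n
        mults += 1
        if (e >> bit) & 1:  # bit of the public exponent, not of k
            acc = acc * base % n
            mults += 1
    return acc, mults


# Constructed nonces: tiny, small, 41-bit, and full-size.
SAMPLE_NONCES: List[int] = [
    1,
    3,
    (1 << 40) + 12345,
    int.from_bytes(hashlib.sha256(b"constructed full-size nonce").digest(), "big") % N,
]


def compare(nonces: List[int], n: int = N) -> List[Tuple[int, int, int]]:
    """Return (bit length of k, Euclid steps, Fermat multiplications) per nonce.

    Both inverses are checked against pow(k, -1, n), so the operation counts
    are compared on correct results only.
    """
    rows = []
    for k in nonces:
        inv_e, steps = inverse_euclid(k, n)
        inv_f, mults = inverse_fermat(k, n)
        if not (inv_e == inv_f == pow(k, -1, n)):
            raise AssertionError(f"inverse mismatch for k={k:#x}")
        rows.append((k.bit_length(), steps, mults))
    return rows


if __name__ == "__main__":
    print(f"{'bits(k)':>8} {'euclid steps':>13} {'fermat mults':>13}")
    for bits, steps, mults in compare(SAMPLE_NONCES):
        print(f"{bits:>8} {steps:>13} {mults:>13}")
```

Running it shows the Euclid step count tracking the size of k while the Fermat count is the same constant for every row. Even a few leaked bits of k per signature are enough: across many signatures, lattice techniques recover the private key from partially known nonces, which is why the CVE text speaks of obtaining the ECDSA secret key rather than merely the nonce, and why the thread voted for a GLSA.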