Botan-3.6.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14429-1 Final 1 1 2024-10-27T00:00:00Z current 2024-10-27T00:00:00Z 2024-10-27T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Botan-3.6.0-1.1 on GA media These are all security issues fixed in the Botan-3.6.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14429 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UY4RL4FBV22PQSJS56OEWPJTGWTDJO2U/ E-Mail link for openSUSE-SU-2024:14429-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-50382/ SUSE CVE CVE-2024-50382 page openSUSE Tumbleweed Botan-3.6.0-1.1 Botan-doc-3.6.0-1.1 libbotan-3-6-3.6.0-1.1 libbotan-devel-3.6.0-1.1 python3-botan-3.6.0-1.1 Botan-3.6.0-1.1 as a component of openSUSE Tumbleweed Botan-doc-3.6.0-1.1 as a component of openSUSE Tumbleweed libbotan-3-6-3.6.0-1.1 as a component of openSUSE Tumbleweed libbotan-devel-3.6.0-1.1 as a component of openSUSE Tumbleweed python3-botan-3.6.0-1.1 as a component of openSUSE Tumbleweed Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. CVE-2024-50382 openSUSE Tumbleweed:Botan-3.6.0-1.1 openSUSE Tumbleweed:Botan-doc-3.6.0-1.1 openSUSE Tumbleweed:libbotan-3-6-3.6.0-1.1 openSUSE Tumbleweed:libbotan-devel-3.6.0-1.1 openSUSE Tumbleweed:python3-botan-3.6.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UY4RL4FBV22PQSJS56OEWPJTGWTDJO2U/ https://www.suse.com/security/cve/CVE-2024-50382.html CVE-2024-50382 https://bugzilla.suse.com/1232300 SUSE Bug 1232300