Security update for Botan
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:1222-1
Final
1
1
2017-05-09T11:34:34Z
current
2017-05-09T11:34:34Z
2017-05-09T11:34:34Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Botan
This update for Botan to version 1.10.9 fixes the following issues:
These security issues were fixed:
- CVE-2015-5726: The BER decoder in Botan 0.10.x allowed remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data (bsc#968025).
- CVE-2015-5727: The BER decoder in Botan 1.10.x allowed remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field (bsc#968026).
- CVE-2015-7827: Botan made it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding (bsc#968030).
- CVE-2016-2849: Botan did not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might have allowed remote attackers to obtain ECDSA secret keys via a timing side-channel attack (bsc#977420).
- CVE-2016-9132: In Botan 1.8.0 when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later caused memory corruption or other failure (bsc#1013209).
- CVE-2016-2194: The ressol function in Botan allowed remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus (bsc#965621).
- CVE-2016-2195: Integer overflow in the PointGFp constructor in Botan allowed remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow (bsc#965620).
- CVE-2017-2801: Incorrect comparison in X.509 DN strings (bsc#1033605).
- CVE-2014-9742: The Miller-Rabin primality check in Botan improperly used a single random base, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group (bsc#974521).
These non-security issues were fixed:
- Fixed EAX tag verification to run in constant time.
- The default TLS policy now disables SSLv3.
- A crash could have occurred when reading from a blocking random device if the
device initially indicated that entropy was available but a concurrent
process drained the entropy pool before the read was initiated.
- Fixed decoding indefinite length BER constructs that contain a context sensitive
tag of zero.
- The key length limit on HMAC has been raised to 512 bytes, allowing the use
of very long passphrases with PBKDF2.
- OAEP had two bugs, one of which allowed it to be used even if the key was
too small, and the other of which would cause a crash during decryption if
the EME data was too large for the associated key.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-SDK-12-SP1-2017-723,SUSE-SLE-SDK-12-SP2-2017-723
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20171222-1/
Link for SUSE-SU-2017:1222-1
https://lists.suse.com/pipermail/sle-security-updates/2017-May/002851.html
E-Mail link for SUSE-SU-2017:1222-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1013209
SUSE Bug 1013209
https://bugzilla.suse.com/1033605
SUSE Bug 1033605
https://bugzilla.suse.com/965620
SUSE Bug 965620
https://bugzilla.suse.com/965621
SUSE Bug 965621
https://bugzilla.suse.com/968025
SUSE Bug 968025
https://bugzilla.suse.com/968026
SUSE Bug 968026
https://bugzilla.suse.com/968030
SUSE Bug 968030
https://bugzilla.suse.com/974521
SUSE Bug 974521
https://bugzilla.suse.com/977420
SUSE Bug 977420
https://www.suse.com/security/cve/CVE-2014-9742/
SUSE CVE CVE-2014-9742 page
https://www.suse.com/security/cve/CVE-2015-5726/
SUSE CVE CVE-2015-5726 page
https://www.suse.com/security/cve/CVE-2015-5727/
SUSE CVE CVE-2015-5727 page
https://www.suse.com/security/cve/CVE-2015-7827/
SUSE CVE CVE-2015-7827 page
https://www.suse.com/security/cve/CVE-2016-2194/
SUSE CVE CVE-2016-2194 page
https://www.suse.com/security/cve/CVE-2016-2195/
SUSE CVE CVE-2016-2195 page
https://www.suse.com/security/cve/CVE-2016-2849/
SUSE CVE CVE-2016-2849 page
https://www.suse.com/security/cve/CVE-2016-9132/
SUSE CVE CVE-2016-9132 page
https://www.suse.com/security/cve/CVE-2017-2801/
SUSE CVE CVE-2017-2801 page
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
libbotan-1_10-0-1.10.9-3.1
libbotan-devel-1.10.9-3.1
libbotan-1_10-0-1.10.9-3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
libbotan-devel-1.10.9-3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
libbotan-1_10-0-1.10.9-3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
libbotan-devel-1.10.9-3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
CVE-2014-9742
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
2.4
AV:L/AC:H/Au:S/C:P/I:P/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171222-1/
https://www.suse.com/security/cve/CVE-2014-9742.html
CVE-2014-9742
https://bugzilla.suse.com/974521
SUSE Bug 974521
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
CVE-2015-5726
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
https://www.suse.com/security/cve/CVE-2015-5726.html
CVE-2015-5726
https://bugzilla.suse.com/968025
SUSE Bug 968025
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
CVE-2015-5727
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
https://www.suse.com/security/cve/CVE-2015-5727.html
CVE-2015-5727
https://bugzilla.suse.com/968026
SUSE Bug 968026
Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVE-2015-7827
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N
https://www.suse.com/security/cve/CVE-2015-7827.html
CVE-2015-7827
https://bugzilla.suse.com/968030
SUSE Bug 968030
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
CVE-2016-2194
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
https://www.suse.com/security/cve/CVE-2016-2194.html
CVE-2016-2194
https://bugzilla.suse.com/965618
SUSE Bug 965618
https://bugzilla.suse.com/965620
SUSE Bug 965620
https://bugzilla.suse.com/965621
SUSE Bug 965621
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
CVE-2016-2195
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
https://www.suse.com/security/cve/CVE-2016-2195.html
CVE-2016-2195
https://bugzilla.suse.com/965618
SUSE Bug 965618
https://bugzilla.suse.com/965620
SUSE Bug 965620
https://bugzilla.suse.com/965621
SUSE Bug 965621
Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
CVE-2016-2849
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
1.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
https://www.suse.com/security/cve/CVE-2016-2849.html
CVE-2016-2849
https://bugzilla.suse.com/977420
SUSE Bug 977420
https://bugzilla.suse.com/977421
SUSE Bug 977421
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
CVE-2016-9132
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
https://www.suse.com/security/cve/CVE-2016-9132.html
CVE-2016-9132
https://bugzilla.suse.com/1013209
SUSE Bug 1013209
A programming error exists in the way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.
CVE-2017-2801
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libbotan-devel-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-1_10-0-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libbotan-devel-1.10.9-3.1
moderate
5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
https://www.suse.com/security/cve/CVE-2017-2801.html
CVE-2017-2801
https://bugzilla.suse.com/1033605
SUSE Bug 1033605