Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 429
Alerts This Week
Warning Icon 1 429

Debian DSA-3939-1: Important Botan DoS Vulnerability and Solution

debian
Calendar Grey August 12, 2017
Debian Logo
A significant patch for the Botan encryption library on Debian addresses a memory flaw that can trigger service interruptions and data leaks.
Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an inform...

Summary

Aleksandar Nikolic discovered that an error in the x509 parser of the
Botan crypto library could result in an out-of-bounds memory read,
resulting in denial of service or an information leak if processing
a malformed certificate.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.10.8-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed
prior to the initial release.

We recommend that you upgrade your botan1.10 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: botan1.10
CVE ID: CVE-2017-2801

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.