
Fedora 39: 2024-6d84a608f1 Critical: botan2 Denial of Service Fix

fedora
July 20, 2024
The botan2 v2.19.5 update for Fedora 39 addresses significant security vulnerabilities, including Denial of Service issues.
Rebase to v2.19.5

Summary

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan.

Update Information:

Rebase to v2.19.5

Change Log

* Thu Jul 11 2024 Frantisek Sumsal - 2.19.5-1
- Rebase to v2.19.5
* Thu Apr 4 2024 Thomas Moschny - 2.19.4-1
- Update to 2.19.4.
* Sun Feb 11 2024 Frantisek Sumsal - 2.19.3-8
- Fix test_compress with zlib-ng (rhbz#2261019)
* Tue Jan 23 2024 Fedora Release Engineering - 2.19.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering - 2.19.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2294870 - CVE-2024-34703 botan2: botan: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2294870
[ 2 ] Bug #2295888 - CVE-2024-34703 botan2: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2295888
[ 3 ] Bug #2296358 - CVE-2024-39312 botan2: Improper certificate validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296358
[ 4 ] Bug #2296360 - CVE-2024-34702 botan2: Asymmetric resource consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296360

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6d84a608f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: botan2
Product: Fedora 39
Version: 2.19.5
Release: 1.fc39
Summary: Crypto and TLS for C++11
