Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: Security Advisory FEDORA-2024-7f42bafbdb Critical: Botan2 DoS

fedora
Calendar Grey July 20, 2024
Dist Fedora Esm H88
Stay updated on Fedora 40's latest security advisories for botan2. Critical vulnerabilities are addressed with necessary fixes, so monitor Fedora's channels for timely patches and upgrades.
Rebase to v2.19.5

Summary

Botan is a BSD-licensed crypto library written in C++. It provides a

wide variety of basic cryptographic algorithms, X.509 certificates and

CRLs, PKCS \#10 certificate requests, a filter/pipe message processing

system, and a wide variety of other features, all written in portable

C++. The API reference, tutorial, and examples may help impart the

flavor of the library. This is the current stable release branch 2.x

of Botan.

Update Information:

Rebase to v2.19.5

Topics%20covered

Topics Covered

security advisory Fedora DoS update information cryptography certificate validation Botan2

Change Log

* Thu Jul 11 2024 Frantisek Sumsal - 2.19.5-1 - Rebase to v2.19.5

References


[ 1 ] Bug #2294870 - CVE-2024-34703 botan2: botan: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294870 [ 2 ] Bug #2295888 - CVE-2024-34703 botan2: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2295888 [ 3 ] Bug #2296358 - CVE-2024-39312 botan2: Improper certificate validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2296358 [ 4 ] Bug #2296360 - CVE-2024-34702 botan2: Assymetirc resource consumption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2296360

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7f42bafbdb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: botan2
Product: Fedora 40
Version: 2.19.5
Release: 1.fc40
URL: https://botan.randombit.net/
Summary: Crypto and TLS for C++11

Topics%20covered

Topics Covered

security advisory Fedora DoS update information cryptography certificate validation Botan2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here