
Mageia: 2020-0308 Moderate: Botan2 CBC Length Leak Issue

July 31, 2020
An updated botan2 package for Mageia fixes a vulnerability in which CBC padding operations leaked the length of the padded plaintext.

Summary

The CBC padding operations were not constant time and, as a result, leaked the length of the plaintext values being padded to an attacker running a side-channel attack via shared resources such as the cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC
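
The difference between variable-time and constant-time padding removal, as an added C++ example (not Botan's code or its actual fix). It assumes PKCS#7 padding; the function names and the convention of returning `len` for invalid padding are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Convention in this example: return plaintext length, or len if padding is invalid.
// len and block are public; only the buffer contents are secret.
size_t unpad_naive(const uint8_t* buf, size_t len, size_t block) {
    if (len == 0 || len % block != 0) return len;
    const size_t pad = buf[len - 1];
    if (pad == 0 || pad > block) return len;   // branch on secret value
    for (size_t i = len - pad; i < len; ++i)   // trip count equals secret pad length
        if (buf[i] != pad) return len;         // early exit on secret data
    return len - pad;
}

// Branch-free predicates: all-ones mask when true, zero when false.
static size_t top_bit_mask(size_t v) { return size_t(0) - (v >> (sizeof(size_t) * 8 - 1)); }
static size_t ct_is_zero(size_t x) { return top_bit_mask(~x & (x - 1)); }
static size_t ct_lt(size_t a, size_t b) { return top_bit_mask(a ^ ((a ^ b) | ((a - b) ^ a))); }

size_t unpad_ct(const uint8_t* buf, size_t len, size_t block) {
    if (len == 0 || len % block != 0) return len;   // depends on public lengths only
    const size_t pad = buf[len - 1];
    size_t bad = ct_is_zero(pad) | ct_lt(block, pad);
    for (size_t i = len - block; i < len; ++i) {    // always scans one full block
        const size_t in_pad = ~ct_lt(i, len - pad); // all-ones for the last pad bytes
        const size_t differs = ~ct_is_zero(buf[i] ^ pad);
        bad |= in_pad & differs;
    }
    return (bad & len) | (~bad & (len - pad));      // masked select, no branch
}

// Constructed input: msg_len bytes of 0x41 followed by PKCS#7 padding.
std::vector<uint8_t> make_padded(size_t msg_len, size_t block) {
    const size_t pad = block - (msg_len % block);
    std::vector<uint8_t> out(msg_len, 0x41);
    out.insert(out.end(), pad, static_cast<uint8_t>(pad));
    return out;
}

// True when both routines return the same result for every message length 0..max_len.
bool routines_agree(size_t max_len, size_t block) {
    for (size_t n = 0; n <= max_len; ++n) {
        const std::vector<uint8_t> p = make_padded(n, block);
        if (unpad_naive(p.data(), p.size(), block) != n) return false;
        if (unpad_ct(p.data(), p.size(), block) != n) return false;
    }
    return true;
}
```

Compilers can turn mask arithmetic back into branches, so the generated code for the target build still needs to be inspected.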

References

- https://bugs.mageia.org/show_bug.cgi?id=26955

- https://bugzilla.redhat.com/show_bug.cgi?id=1849743

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q5LBXWVOCUQCEGOOMVMLI4WVTQ5DT4RG/

Resolution

SRPMS

- 7/core/botan2-2.9.0-2.1.mga7

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0308.html
Type: security
