Mageia 9: MGASA-2024-0297 Critical ECDSA Security Patch
mageia
September 13, 2024
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large
Summary
An attacker could present an ECDSA X.509 certificate using explicit
encoding where the parameters are very large.
When parsing, the parameter is checked to be prime, causing excessive
computation. This was patched in 2.19.4 and 3.3.0 to allow the prime
parameter of the elliptic curve to be at most 521 bits. No known
workarounds are available. Note that support for explicit encoding of
elliptic curve parameters is deprecated in Botan.
References
- https://bugs.mageia.org/show_bug.cgi?id=33429
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/
- https://www.cve.org/CVERecord?id=CVE-2024-34703
Resolution
SRPMS
- 9/core/botan2-2.19.5-1.mga9
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 13 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0297.html
Type: security
CVE: CVE-2024-34703
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!