Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1 articles for you...
203

Mageia 9: Notice on Botan2 CVE-2024-50384 Denial of Service MGASA-2025-0296

MGASA-2025-0295 - Updated botan2 packages fix security vulnerabilitiy. MGASA-2025-0295 - Updated botan2 packages fix security vulnerabilitiy Publication date: 15 Nov 2025 URL: https://advisories.mageia.org/MGASA-2025-0295.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-50383 Description: Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386 (only 32-bit processors can be affected). (CVE-2024-50383) References: - https://bugs.mageia.org/show_bug.cgi?id=34391 - https://ubuntu.com/security/notices/USN-7586-1 - https://www.cve.org/CVERecord?id=CVE-2024-50383 SRPMS: - 9/core/botan2-2.19.5-1.1.mga9 . Updated botan2 packages for Mageia fix critical CVE-2024-50383 vulnerability affecting GCC users.. Mageia botan2 security update, botan2 vulnerability, botan2 critical CVE-2024-50383, Mageia 9 security fix. . LinuxSecurity.com Team

Calendar%202 Nov 15, 2025 Mageia
203

Mageia 9: MGASA-2024-0297 Critical ECDSA Security Patch

An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known . MGASA-2024-0297 - Updated botan2 packages fix security vulnerability Publication date: 13 Sep 2024 URL: https://advisories.mageia.org/MGASA-2024-0297.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-34703 An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References: - https://bugs.mageia.org/show_bug.cgi?id=33429 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/ - https://www.cve.org/CVERecord?id=CVE-2024-34703 SRPMS: - 9/core/botan2-2.19.5-1.mga9 . The latest botan2 updates tackle a critical ECDSA vulnerability in Mageia 9, launched on September 13, 2024, enhancing overall performance.. ECDSA, Mageia, Botan2, Security Patch, Certification. . LinuxSecurity.com Team

Calendar%202 Sep 13, 2024 Mageia
89

Fedora 39: 2024-6d84a608f1 Critical: botan2 Denial of Service Fix

Rebase to v2.19.5. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-6d84a608f1 2024-07-20 03:25:19.278106 -------------------------------------------------------------------------------- Name : botan2 Product : Fedora 39 Version : 2.19.5 Release : 1.fc39 URL : https://botan.randombit.net/ Summary : Crypto and TLS for C++11 Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. -------------------------------------------------------------------------------- Update Information: Rebase to v2.19.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2024 Frantisek Sumsal - 2.19.5-1 - Rebase to v2.19.5 * Thu Apr 4 2024 Thomas Moschny - 2.19.4-1 - Update to 2.19.4. * Sun Feb 11 2024 Frantisek Sumsal - 2.19.3-8 - Fix test_compress with zlib-ng (rhbz#2261019) * Tue Jan 23 2024 Fedora Release Engineering - 2.19.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering - 2.19.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294870 - CVE-2024-34703 botan2: botan: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294870 [ 2 ] Bug #2295888 - CVE-2024-34703 botan2: Denial of Service Due to Overly Large Elliptic Curve Parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2295888 [ 3 ] Bug #2296358 - CVE-2024-39312 botan2: Improper certificate validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2296358 [ 4 ] Bug #2296360 - CVE-2024-34702 botan2: Assymetirc resource consumption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2296360 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6d84a608f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The recent rollout of botan2 v2.19.5 for Fedora 39 tackles significant security vulnerabilities, providing resolutions for Denial of Service scenarios.. Fedora 39 Security,Botan2 Update,Crypto Library Update,DOS Fix,Resource Consumption. . LinuxSecurity.com Team

Calendar%202 Jul 20, 2024 Fedora
203

Mageia 8 MGASA-2021-0563 Critical: Botan2 Plaintext Recovery Issue

Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the . MGASA-2021-0563 - Updated botan2 packages fix security vulnerability Publication date: 19 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0563.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-40529 Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP (CVE-2021-40529). References: - https://bugs.mageia.org/show_bug.cgi?id=29659 - https://www.cve.org/CVERecord?id=CVE-2021-40529 SRPMS: - 8/core/botan2-2.17.3-2.1.mga8 . The latest botan2 updates rectify a vulnerability in the ElGamal algorithm, which permitted the extraction of plaintext in Mageia systems.. Botan2 Security Update, Mageia Advisory, ElGamal Vulnerability, Crypto Package Update. . LinuxSecurity.com Team

Calendar%202 Dec 19, 2021 Mageia
89

Critical Advisory for Fedora 34: CVE-2021-40529 Plaintext Recovery Risk

Security fix for CVE-2021-40529. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-8d51cac49f 2021-11-16 15:40:24.255692 --------------------------------------------------------------------------------Name : botan2 Product : Fedora 34 Version : 2.17.3 Release : 4.fc34 URL : https://botan.randombit.net/ Summary : Crypto and TLS for C++11 Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-40529 --------------------------------------------------------------------------------ChangeLog: * Sun Nov 7 2021 Ben Kircher - 2.17.3-4 - Backport patch for #2002827 (Fix short exponents with ElGamal) from 2.18.2 --------------------------------------------------------------------------------References: [ 1 ] Bug #2002825 - CVE-2021-40529 botan: ElGamal implementation allows plaintext recovery https://bugzilla.redhat.com/show_bug.cgi?id=2002825 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-8d51cac49f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . A patch in botan2 for CVE-2021-40529 on Fedora 34 resolves issues related to unauthorized plaintext exposure.. Fedora Update, Crypto Library, Botan2 Security Fix, Plaintext Recovery. . LinuxSecurity.com Team

Calendar%202 Nov 16, 2021 Fedora
89

Fedora 35: FEDORA-2021-14b0d97496 Critical Botan2 ElGamal Issue

Security fix for CVE-2021-40529. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-14b0d97496 2021-11-12 00:37:35.342470 --------------------------------------------------------------------------------Name : botan2 Product : Fedora 35 Version : 2.18.2 Release : 1.fc35 URL : https://botan.randombit.net/ Summary : Crypto and TLS for C++11 Description : Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-40529 --------------------------------------------------------------------------------ChangeLog: * Mon Nov 1 2021 Benjamin Kircher - 2.18.2-1 - Update to 2.18.2 * Sun Aug 1 2021 Benjamin Kircher - 2.18.1-1 - Update to 2.18.1 - Fix a FTBFS (#1987388) * Wed Jul 21 2021 Fedora Release Engineering - 2.18.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2002825 - CVE-2021-40529 botan: ElGamal implementation allows plaintext recovery https://bugzilla.redhat.com/show_bug.cgi?id=2002825 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-14b0d97496' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . A patch for botan2 in Fedora 35 resolves CVE-2021-40529, bolstering cryptographic reliability.. botan2 update, Fedora software, cryptographic functions. . LinuxSecurity.com Team

Calendar%202 Nov 11, 2021 Fedora
203

Mageia 7: MGASA-2021-0329 Critical: Botan2 Encoding Issue

Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex) (CVE-2021-24115). . MGASA-2021-0329 - Updated botan2 packages fix security vulnerability Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0329.html Type: security Affected Mageia releases: 7 CVE: CVE-2021-24115 Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex) (CVE-2021-24115). References: - https://bugs.mageia.org/show_bug.cgi?id=29057 - - https://www.cve.org/CVERecord?id=CVE-2021-24115 SRPMS: - 7/core/botan2-2.9.0-2.2.mga7 . Revised cryptography packages tackle a vital issue by implementing secure algorithms to remedy earlier vulnerabilities.. Mageia Security, Botan2 Update, Security Threats, Encoding, Decoding. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2021 Mageia
203

Mageia: 2020-0308 Moderate: Botan2 CBC Length Leak Issue

The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC . MGASA-2020-0308 - Updated botan2 packages fix security vulnerability Publication date: 31 Jul 2020 URL: https://advisories.mageia.org/MGASA-2020-0308.html Type: security Affected Mageia releases: 7 The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC ciphersuites as well as CBC encryption using PKCS7 or other similar padding mechanisms. In all cases, the unpadding operations were already constant time and are not affected (rhbz#1849743). References: - https://bugs.mageia.org/show_bug.cgi?id=26955 - https://bugzilla.redhat.com/show_bug.cgi?id=1849743 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/Q5LBXWVOCUQCEGOOMVMLI4WVTQ5DT4RG/ SRPMS: - 7/core/botan2-2.9.0-2.1.mga7 . Recent botan2 updates address a vulnerability that caused length leakage linked to CBC padding processes in Mageia.. Botan2 Security, Mageia Advisory, CBC Padding Issue, Side Channel Attack. . LinuxSecurity.com Team

Calendar%202 Jul 31, 2020 Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200