SB2016051312 - Multiple vulnerabilities in Fedoraproject Fedora

Description

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error (CVE-ID: CVE-2016-2850)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

2) Information disclosure (CVE-ID: CVE-2016-2849)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

3) Information disclosure (CVE-ID: CVE-2015-7827)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

Remediation

Install update from vendor's website.

References

• http://botan.randombit.net/security.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
• http://marc.info/?l=botan-devel&m=145852488622892&w=2
• https://security.gentoo.org/glsa/201701-23
• http://marc.info/?l=botan-devel&m=146185420505943&w=2
• http://www.debian.org/security/2016/dsa-3565