Multiple vulnerabilities in Fedoraproject Fedora
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2016-2850 CVE-2016-2849 CVE-2015-7827 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Fedora Operating systems & Components / Operating system Debian Linux Operating systems & Components / Operating system Botan Universal components / Libraries / Libraries used by multiple products |
| Vendor |
Fedoraproject Randombit Debian |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU40296
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2850
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsFedora: 24
Botan: 1.11.0 - 24
External linkshttp://botan.randombit.net/security.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
http://marc.info/?l=botan-devel&m=145852488622892&w=2
http://security.gentoo.org/glsa/201701-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU40297
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDebian Linux: 8.0
Fedora: 24
Botan: 1.10.12 - 24
External linkshttp://botan.randombit.net/security.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
http://marc.info/?l=botan-devel&m=146185420505943&w=2
http://www.debian.org/security/2016/dsa-3565
http://security.gentoo.org/glsa/201701-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU40301
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-7827
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
MitigationInstall update from vendor's website.
Vulnerable software versionsFedora: 24
Botan: 1.11.0 - 24
Debian Linux: 1.11.0 - 24
External linkshttp://botan.randombit.net/security.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
http://marc.info/?l=botan-devel&m=146185420505943&w=2
http://www.debian.org/security/2016/dsa-3565
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
