SUSE Package Hub - openSUSE-2024-202

Update Info

openSUSE-2024-202

Security update for Botan

Type: security

Severity: moderate

Issued: 2024-07-16

Description:

This update for Botan fixes the following issues:

Update to 2.19.5:

* Fix multiple Denial of service attacks due to X.509 cert processing:
* CVE-2024-34702 - boo#1227238
* CVE-2024-34703 - boo#1227607
* CVE-2024-39312 - boo#1227608
* Fix a crash in OCB
* Fix a test failure in compression with certain versions of zlib 
* Fix some iterator debugging errors in TLS CBC decryption. 
* Avoid a miscompilation in ARIA when using XCode 14

References

CVE: CVE-2024-39312
CVE: CVE-2024-34703
CVE: CVE-2024-34702
Bugzilla: 1227608 VUL-0: CVE-2024-39312: Botan: Improper certificate validation
Bugzilla: 1227607 VUL-0: CVE-2024-34702: Botan: Assymetric resource consumption
Bugzilla: 1227238 VUL-0: CVE-2024-34703: TRACKERBUG: Botan: denial of service due to overly large elliptic curve parameters

Packages

Botan-2.19.5-bp156.3.3.1