SUSE Package Hub - openSUSE-2024-343

Update Info

openSUSE-2024-343

Security update for Botan

Type: security

Severity: moderate

Issued: 2024-10-30

Description:

This update for Botan fixes the following issues:

- Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan.

References

CVE: CVE-2024-50383
CVE: CVE-2024-50382
Bugzilla: 1232301 VUL-0: CVE-2024-50382: Botan: Botan: compiler-induced side channel in GHASH when certain LLVM versions are used to compile Botan
Bugzilla: 1232300 VUL-0: CVE-2024-50382: TRACKERBUG: Botan: compiler-induced side channel in GHASH when certain LLVM versions are used to compile Botan
Bugzilla: 1232297 VUL-0: CVE-2024-50383: Botan: Botan: compiler-induced side channel in donna128 when certain GCC versions are used to compile Botan
Bugzilla: 1232296 VUL-0: CVE-2024-50383: TRACKERBUG: Botan: compiler-induced side channel in donna128 when certain GCC versions are used to compile Botan

Packages

Botan-2.19.5-bp156.3.6.1