Package "botan"
| Name: |
botan
|
Description: |
multiplatform crypto library (2.x version)
|
| Latest version: |
2.19.3+dfsg-1ubuntu2.1 |
| Release: |
oracular (24.10) |
| Level: |
security |
| Repository: |
universe |
| Homepage: |
https://botan.randombit.net/ |
Links
Download "botan"
Other versions of "botan" in Oracular
Packages in group
Deleted packages are displayed in grey.
Changelog
|
botan (2.19.3+dfsg-1ubuntu2.1) oracular-security; urgency=medium
* SECURITY UPDATE: Compiler Optimization Fault
- debian/patches/CVE-2024-50382-CVE-2024-50383.patch: Add more value
barriers to avoid compiler induced side channels
- CVE-2024-50382
- CVE-2024-50383
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2024-34702.patch: Address various name
constraint bugs
- debian/patches/CVE-2024-34703.patch: When decoding an arbitrary
elliptic curve, set an upper bound on length
- CVE-2024-34702
- CVE-2024-34703
* SECURITY UPDATE: Certificate Bypass
- debian/patches/CVE-2024-39312.patch: During X.509 verification,
first check the signatures
- CVE-2024-39312
-- Bruce Cable <email address hidden> Wed, 18 Jun 2025 14:08:40 +1000
|
| CVE-2024-50382 |
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in |
| CVE-2024-50383 |
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used i |
| CVE-2024-34702 |
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of |
| CVE-2024-34703 |
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of |
| CVE-2024-39312 |
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of |
|
About
-
Send Feedback to @ubuntu_updates
