[prev in list] [next in list] [prev in thread] [next in thread] 

List:       botan-devel
Subject:    [botan-devel] Botan 1.11.28 and 1.10.11 released with security fixes
From:       "Jack Lloyd" <lloyd () randombit ! net>
Date:       2016-02-01 18:31:21
Message-ID: 20160201183121.GB21485 () randombit ! net
[Download RAW message or body]

Hi,

Botan 1.11.28 and 1.10.11 have been released today fixing several
critical security bugs including:

- A heap overflow in ECC multiplication which can be triggered from
  attacker controlled inputs (CVE-2016-2195). This is likely usable
  for remote code execution. Found by Alex Gaynor.

- An infinite loop in the modular square root algorithm (CVE-2016-2194).
  This is exposed to untrusted input via the ECC point decompression
  algorithm. Found by AFL.

- In 1.11.x only, a heap overflow of a single word (4 or 8 bytes) of
  zeros during P-521 reduction (CVE-2016-2196). Found by AFL.

Especially the point multiplication overflow is quite critical, all
users of ECC should upgrade immediately.

http://botan.randombit.net/releases/Botan-1.11.28.tgz
http://botan.randombit.net/releases/Botan-1.11.28.tgz.asc
http://botan.randombit.net/releases/Botan-1.10.11.tgz
http://botan.randombit.net/releases/Botan-1.10.11.tgz.asc

Best,
  Jack
_______________________________________________
botan-devel mailing list
botan-devel@randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic