[prev in list] [next in list] [prev in thread] [next in thread]
List: botan-devel
Subject: [botan-devel] Botan 1.11.28 and 1.10.11 released with security fixes
From: "Jack Lloyd" <lloyd () randombit ! net>
Date: 2016-02-01 18:31:21
Message-ID: 20160201183121.GB21485 () randombit ! net
[Download RAW message or body]
Hi,
Botan 1.11.28 and 1.10.11 have been released today fixing several
critical security bugs including:
- A heap overflow in ECC multiplication which can be triggered from
attacker controlled inputs (CVE-2016-2195). This is likely usable
for remote code execution. Found by Alex Gaynor.
- An infinite loop in the modular square root algorithm (CVE-2016-2194).
This is exposed to untrusted input via the ECC point decompression
algorithm. Found by AFL.
- In 1.11.x only, a heap overflow of a single word (4 or 8 bytes) of
zeros during P-521 reduction (CVE-2016-2196). Found by AFL.
Especially the point multiplication overflow is quite critical, all
users of ECC should upgrade immediately.
http://botan.randombit.net/releases/Botan-1.11.28.tgz
http://botan.randombit.net/releases/Botan-1.11.28.tgz.asc
http://botan.randombit.net/releases/Botan-1.10.11.tgz
http://botan.randombit.net/releases/Botan-1.10.11.tgz.asc
Best,
Jack
_______________________________________________
botan-devel mailing list
botan-devel@randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic