Bugzilla – Bug 965621
VUL-0: CVE-2016-2194: botan: various flaws fixed in 1.11.27 and 1.10.11
Last modified: 2017-10-06 14:37:12 UTC
Quoting from RH:

"2016-02-01 (CVE-2016-2194): Infinite loop in modular square root algorithm

The ressol function, which implements the Tonelli-Shanks algorithm for finding square roots, could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes. This function is exposed to attacker-controlled input via the OS2ECP function during ECC point decompression.

Found by AFL.

Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11.

External References: http://botan.randombit.net/security.html#id1"

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1305439
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2195
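An added example, not Botan's code and not part of the comment above: a Tonelli-Shanks square root over 32-bit moduli with the iteration bound tested inside the inner loop, so a composite modulus ends in a "no root" result instead of a runaway loop. The function names, the -1 return convention and the 256-candidate search cap are assumptions of this sketch.

```cpp
#include <cstdint>
using u64 = std::uint64_t;

// Moduli are limited to 32 bits so every product fits in 64 bits.
static u64 mul_mod(u64 a, u64 b, u64 m) { return (a * b) % m; }

static u64 pow_mod(u64 base, u64 exp, u64 m) {
    u64 result = 1 % m;
    for (base %= m; exp != 0; exp >>= 1) {
        if (exp & 1) result = mul_mod(result, base, m);
        base = mul_mod(base, base, m);
    }
    return result;
}

// Tonelli-Shanks square root of a mod p. Returns -1 when no root is found,
// including when p is not prime and the loop invariants stop holding.
std::int64_t sqrt_mod(u64 a, u64 p) {
    if (p < 3 || p % 2 == 0 || p > 0xFFFFFFFFu) return -1;
    a %= p;
    if (a == 0) return 0;
    if (pow_mod(a, (p - 1) / 2, p) != 1) return -1;  // Euler's criterion
    u64 q = p - 1;
    unsigned s = 0;
    while (q % 2 == 0) { q /= 2; ++s; }  // p - 1 = q * 2^s with q odd

    // Bounded search for a non-residue z (the cap of 256 is an assumption).
    u64 z = 2;
    while (z < 256 && z < p && pow_mod(z, (p - 1) / 2, p) != p - 1) ++z;
    if (z >= 256 || z >= p) return -1;

    u64 c = pow_mod(z, q, p), r = pow_mod(a, (q + 1) / 2, p), t = pow_mod(a, q, p);
    unsigned m = s;
    while (t != 1) {
        unsigned i = 0;
        for (u64 t2 = t; t2 != 1; ) {
            t2 = mul_mod(t2, t2, p);
            // Bound tested on every squaring, inside the loop: for a prime p,
            // t2 reaches 1 while i < m, so i == m means the input is invalid.
            if (++i >= m) return -1;
        }
        u64 b = pow_mod(c, u64{1} << (m - i - 1), p);
        r = mul_mod(r, b, p);
        c = mul_mod(b, b, p);
        t = mul_mod(t, c, p);
        m = i;  // strictly decreases, so the outer loop runs at most s times
    }
    return static_cast<std::int64_t>(r);
}
```

With the constructed input `sqrt_mod(16, 85)` the composite modulus 85 passes Euler's criterion and the non-residue search, and it is the in-loop bound that stops the computation.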
This is an autogenerated message for OBS integration: This bug (965621) was mentioned in https://build.opensuse.org/request/show/487622 Factory / Botan
SLE12 submitted, SLE 11 unaffected, back to security team for processing.
SUSE-SU-2017:1222-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013209,1033605,965620,965621,968025,968026,968030,974521,977420
CVE References: CVE-2014-9742,CVE-2015-5726,CVE-2015-5727,CVE-2015-7827,CVE-2016-2194,CVE-2016-2195,CVE-2016-2849,CVE-2016-9132,CVE-2017-2801
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): Botan-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): Botan-1.10.9-3.1
released