Monday, June 23, 2025

[USN-7586-1] Botan vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7586-1
June 23, 2025

botan vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Botan.

Software Description:
- botan: C++ cryptography library

Details:

It was discovered that Botan could have compiler dependent operations
induced under certain circumstances. An attacker could possibly use this
issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383)

Bing Shi discovered that Botan did not limit the size of certain inputs
when checking primality and name constraints. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-34702,
CVE-2024-34703)

It was discovered that Botan did not correctly handle conflicting name
constraints. An attacker could possibly use this issue to bypass
authentication. (CVE-2024-39312)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
botan 2.19.3+dfsg-1ubuntu2.1
libbotan-2-19 2.19.3+dfsg-1ubuntu2.1
libbotan-2-dev 2.19.3+dfsg-1ubuntu2.1
python3-botan 2.19.3+dfsg-1ubuntu2.1

Ubuntu 24.04 LTS
botan 2.19.3+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
libbotan-2-19 2.19.3+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
libbotan-2-dev 2.19.3+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
python3-botan 2.19.3+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
botan 2.19.1+dfsg-2ubuntu1+esm1
Available with Ubuntu Pro
libbotan-2-19 2.19.1+dfsg-2ubuntu1+esm1
Available with Ubuntu Pro
libbotan-2-dev 2.19.1+dfsg-2ubuntu1+esm1
Available with Ubuntu Pro
python3-botan 2.19.1+dfsg-2ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7586-1
CVE-2024-34702, CVE-2024-34703, CVE-2024-39312, CVE-2024-50382,
CVE-2024-50383

Package Information:
https://launchpad.net/ubuntu/+source/botan/2.19.3+dfsg-1ubuntu2.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)