Bug 18356 - botan new security issues CVE-2015-7827 and CVE-2016-2849
Summary: botan new security issues CVE-2015-7827 and CVE-2016-2849
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/685873/
Whiteboard: has_procedure advisory MGA5-64-OK MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-05-04 19:55 CEST by David Walser
Modified: 2016-05-29 15:56 CEST (History)
5 users (show)

See Also:
Source RPM: botan-1.10.12-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-05-04 19:55:08 CEST 
Debian has issued an advisory on May 2:
https://www.debian.org/security/2016/dsa-3565

It addresses two issues that we didn't address in our previous update in Bug 17737.
Comment 1 David Walser 2016-05-04 19:55:34 CEST 
LWN reference for CVE-2016-2849:
http://lwn.net/Vulnerabilities/681390/

CC: (none) => oe
Whiteboard: (none) => MGA5TOO

Comment 2 Marja Van Waes 2016-05-04 20:24:44 CEST 
Assigning to maintainer

CC: (none) => marja11
Assignee: bugsquad => shlomif

Comment 3 David Walser 2016-05-18 23:33:05 CEST 
Patched packages uploaded for Mageia 5 and Cauldron.

Testing ideas in Bug 17737.

Advisory:
========================

Updated botan packages fix security vulnerabilities:

During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was input
dependent. If these differences could be measured by an attacker, it could be
used to mount a Bleichenbacher million-message attack (CVE-2015-7827).

ECDSA (and DSA) signature algorithms perform a modular inverse on the signature
nonce k. The modular inverse algorithm used had input dependent loops, and it
is possible a side channel attack could recover sufficient information about
the nonce to eventually recover the ECDSA secret key (CVE-2016-2849).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2849
https://botan.randombit.net/security.html
https://www.debian.org/security/2016/dsa-3565
========================

Updated packages in core/updates_testing:
========================
libbotan1-1.10.12-1.1.mga5
libbotan-devel-1.10.12-1.1.mga5
libbotan-static-devel-1.10.12-1.1.mga5

from botan-1.10.12-1.1.mga5.src.rpm

CC: (none) => shlomif
Version: Cauldron => 5
Assignee: shlomif => qa-bugs
Whiteboard: MGA5TOO => has_procedure

Comment 4 David Walser 2016-05-23 02:42:45 CEST 
Advisory added in SVN.  Perhaps someone could check the formatting.

Whiteboard: has_procedure => has_procedure advisory

Comment 5 Shlomi Fish 2016-05-25 22:26:13 CEST 
mtn genkey works fine on mga5 x86-64 with the new botan. Can I mark it as OK?
Comment 6 Shlomi Fish 2016-05-25 22:41:03 CEST 
marking as mga5-64-ok

Whiteboard: has_procedure advisory => has_procedure advisory MGA5-64-OK

Comment 7 Shlomi Fish 2016-05-25 22:48:54 CEST 
And works fine on an i586 VM.

Whiteboard: has_procedure advisory MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK

Dave Hodgins 2016-05-27 14:06:12 CEST

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 8 Mageia Robot 2016-05-29 15:56:00 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0208.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.