openSUSE has issued an advisory on May 22:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/66VDUR6MFH345POI2NK4EL4N3NCJVT5O/

The issue is fixed upstream in 2.17.3.

CC: (none) => geiger.david68210
Status comment: (none) => Patch available from openSUSE
Cauldron has not just 2.17.3, but 2.18.0 & 1. All done by Stig, so assigning this bug to you.
Assignee: bugsquad => smelror
Advisory:
========================

Updated botan2 packages fix security vulnerability:

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex) (CVE-2021-24115).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24115
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/66VDUR6MFH345POI2NK4EL4N3NCJVT5O/
========================

Updated packages in core/updates_testing:
========================
botan2-2.9.0-2.2.mga7
libbotan2-devel-2.9.0-2.2.mga7
libbotan2_9-2.9.0-2.2.mga7
botan2-doc-2.9.0-2.2.mga7
python3-botan2-2.9.0-2.2.mga7

from botan2-2.9.0-2.2.mga7.src.rpm

Assignee: smelror => qa-bugs
Status comment: Patch available from openSUSE => (none)
MGA7-64 Plasma on Lenovo B50
No installation issues.
Test along bug 26955 Comment 6 (irreplaceable Claire)

$ botan --help
Usage: botan <cmd> <cmd-options>
All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=

Available commands:

Encoders/Decoders:
asn1print Decode and print file with ASN.1 Basic Encoding Rules (BER)
and a lot more ....

$ echo "Test File" > testbotan.txt
$ botan base64_enc testbotan.txt > testbotancrypt.txt
$ cat testbotancrypt.txt
VGVzdCBGaWxlCg==
$ botan base64_dec testbotancrypt.txt
Test File

$ python3
Python 3.7.10 (default, Apr 8 2021, 17:12:00)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import botan2
>>> tester = botan2.RandomNumberGenerator()
>>> tested = tester.get(10)
>>> print ("Random number is {}".format(tested))
Random number is b'\xab\x8d\xb7+a\xee\xad\x9cN\x1f'
>>> quit()

Checked botan2-doc with..
$ lynx /usr/share/doc/botan-2.9.0/manual/index.html
Looks OK.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Thank you again, Herman. And thank YOU, Claire. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0329.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
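
The advisory in this report says the hex, base32, base58 and base64 codecs did not use constant-time computations. As an added illustration of what that means for hex decoding (this is not Botan's code and not part of the bug report; all function names are hypothetical), the sketch below puts a branchy digit decoder beside a branch-free, table-free one written at C source level.

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFF when lo <= c <= hi, else 0x00: arithmetic only, no branch, no table. */
static uint8_t in_range_mask(uint8_t c, uint8_t lo, uint8_t hi)
{
    uint32_t below = ((uint32_t)c - lo) >> 31;  /* 1 when c < lo */
    uint32_t above = ((uint32_t)hi - c) >> 31;  /* 1 when c > hi */
    return (uint8_t)(((below | above) ^ 1u) * 0xFFu);
}

/* Returns 0..15 for a hex digit and 0xFF for any other byte. */
uint8_t ct_hex_value(uint8_t c)
{
    uint8_t digit = in_range_mask(c, '0', '9');
    uint8_t upper = in_range_mask(c, 'A', 'F');
    uint8_t lower = in_range_mask(c, 'a', 'f');
    uint8_t value = (uint8_t)((digit & (c - '0')) | (upper & (c - 'A' + 10)) |
                              (lower & (c - 'a' + 10)));
    return (uint8_t)(value | (uint8_t)~(digit | upper | lower));
}

/* Contrast: branchy form; which path runs depends on the (secret) byte. */
uint8_t branchy_hex_value(uint8_t c)
{
    if (c >= '0' && c <= '9') return (uint8_t)(c - '0');
    if (c >= 'A' && c <= 'F') return (uint8_t)(c - 'A' + 10);
    if (c >= 'a' && c <= 'f') return (uint8_t)(c - 'a' + 10);
    return 0xFF;
}

/* Decodes 2*out_len hex characters into out. Returns 0 on success, -1 if any
   character was invalid; the error is accumulated, never an early exit. */
int ct_hex_decode(uint8_t *out, size_t out_len, const char *hex)
{
    uint8_t bad = 0;
    for (size_t i = 0; i < out_len; i++) {
        uint8_t hi = ct_hex_value((uint8_t)hex[2 * i]);
        uint8_t lo = ct_hex_value((uint8_t)hex[2 * i + 1]);
        bad |= (uint8_t)((hi | lo) & 0xF0);  /* the 0xFF marker sets high bits */
        out[i] = (uint8_t)((hi << 4) | (lo & 0x0F));
    }
    return bad ? -1 : 0;
}
```

A compiler is free to reintroduce branches, so a decoder written this way still needs its generated code inspected for the target platform.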