Bug 33429 - botan2 new security issue CVE-2024-34703
Summary: botan2 new security issue CVE-2024-34703
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-07-25 08:53 CEST by Nicolas Salguero
Modified: 2024-09-13 19:16 CEST

See Also:
Source RPM: botan2-2.19.3-1.mga9.src.rpm
CVE: CVE-2024-34703
Status comment: Fixed upstream in 2.19.5 and patch available from upstream


Nicolas Salguero 2024-07-25 08:54:20 CEST

Status comment: (none) => Fixed upstream in 2.19.5 and patch available from upstream
Source RPM: (none) => botan2-2.19.3-1.mga9.src.rpm
CVE: (none) => CVE-2024-34703

Comment 1 Lewis Smith 2024-07-25 21:15:16 CEST
Assigning to Stig who put 2.19.5 into Cauldron, for M9.

Assignee: bugsquad => smelror

Comment 2 David GEIGER 2024-09-11 17:53:21 CEST
Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
botan2-2.19.5-1.mga9
botan2-doc-2.19.5-1.mga9.noarch.rpm
libbotan2-devel-2.19.5-1.mga9
libbotan2_19-2.19.5-1.mga9
lib64botan2-devel-2.19.5-1.mga9
lib64botan2_19-2.19.5-1.mga9
python3-botan2-2.19.5-1.mga9

From SRPMS:
botan2-2.19.5-1.mga9.src.rpm

Assignee: smelror => qa-bugs
CC: (none) => geiger.david68210

katnatek 2024-09-11 19:32:10 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2024-09-12 20:19:52 CEST
RH x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing lib64botan2_19-2.19.5-1.mga9.x86_64.rpm python3-botan2-2.19.5-1.mga9.x86_64.rpm botan2-2.19.5-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/3: botan2                ##################################################################################################
      2/3: lib64botan2_19        ##################################################################################################
      3/3: python3-botan2        ##################################################################################################
      1/3: removing lib64botan2_19-2.19.3-1.mga9.x86_64
                                 ##################################################################################################
      2/3: removing python3-botan2-2.19.3-1.mga9.x86_64
                                 ##################################################################################################
      3/3: removing botan2-2.19.3-1.mga9.x86_64
                                 ##################################################################################################


Reference bug#29659 Comment#5 

echo "Test File" > testbotan.txt

botan base64_enc testbotan.txt > testbotancrypt.txt

cat testbotancrypt.txt
VGVzdCBGaWxlCg==

botan base64_dec testbotancrypt.txt
Test File

python3
Python 3.10.11 (main, Mar 26 2024, 15:00:27) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import botan2
>>> tester = botan2.RandomNumberGenerator()
>>> tested = tester.get(10)
>>> print ("Random number is {}".format(tested))
Random number is b'\xa5.\x13*Y8\xd4\n\xabQ'
>>> quit()

I did not install botan2-doc, so I do not have the documentation.
Looks good to me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm

Comment 4 Thomas Andrews 2024-09-13 13:59:52 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2024-09-13 19:16:29 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0297.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

