Advisories » MGASA-2017-0422

Updated botan packages fix security vulnerability

Publication date: 20 Nov 2017
Modification date: 20 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-14737

Description

In the Montgomery exponentiation code, a table of precomputed values is
used. An attacker able to analyze which cache lines were accessed
(perhaps via an active attack such as Prime+Probe) could recover
information about the exponent (CVE-2017-14737).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21938
• https://botan.randombit.net/security.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RPHA5S6ZQM46XJ2CGDEETO6U6I6M5NEG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14737

SRPMS

5/core

• botan-1.10.17-1.mga5

6/core

• botan-1.10.17-1.mga6