SUSE-SU-2017:1222-1: moderate: Security update for Botan

Tue May 9 10:10:19 MDT 2017

   SUSE Security Update: Security update for Botan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1222-1
Rating:             moderate
References:         #1013209 #1033605 #965620 #965621 #968025 
                    #968026 #968030 #974521 #977420 
Cross-References:   CVE-2014-9742 CVE-2015-5726 CVE-2015-5727
                    CVE-2015-7827 CVE-2016-2194 CVE-2016-2195
                    CVE-2016-2849 CVE-2016-9132 CVE-2017-2801

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for Botan to version 1.10.9 fixes the following issues:

   These security issues were fixed:

   - CVE-2015-5726: The BER decoder in Botan 0.10.x allowed remote attackers
     to cause a denial of service (application crash) via an empty BIT STRING
     in ASN.1 data (bsc#968025).
   - CVE-2015-5727: The BER decoder in Botan 1.10.x allowed remote attackers
     to cause a denial of service (memory consumption) via unspecified
     vectors, related to a length field (bsc#968026).
   - CVE-2015-7827: Botan make it easier for remote attackers to conduct
     million-message attacks by measuring time differences, related to
     decoding of PKCS#1 padding (bsc#968030).
   - CVE-2016-2849: Botan do not use a constant-time algorithm to perform a
     modular inverse on the signature nonce k, which might allowed remote
     attackers to obtain ECDSA secret keys via a timing side-channel attack
     (bsc#977420).
   - CVE-2016-9132: In Botan 1.8.0 when decoding BER data an integer overflow
     could occur, which would cause an incorrect length field to be computed.
     Some API callers may use the returned (incorrect and attacker
     controlled) length field in a way which later caused memory corruption
     or other failure (bsc#1013209).
   - CVE-2016-2194: The ressol function in Botan allowed remote attackers to
     cause a denial of service (infinite loop) via unspecified input to the
     OS2ECP function, related to a composite modulus (bsc#965621).
   - CVE-2016-2195: Integer overflow in the PointGFp constructor in Botan
     allowed remote attackers to overwrite memory and possibly execute
     arbitrary code via a crafted ECC point, which triggers a heap-based
     buffer overflow (bsc#965620).
   - CVE-2017-2801: Incorrect comparison in X.509 DN strings (bsc#1033605).
   - CVE-2014-9742: The Miller-Rabin primality check in Botan improperly used
     a single random base, which made it easier for remote attackers to
     defeat cryptographic protection mechanisms via a DH group (bsc#974521).

   These non-security issues were fixed:

   - Fixed EAX tag verification to run in constant time
   - The default TLS policy now disables SSLv3.
   - A crash could have occured when reading from a blocking random device if
     the device initially indicated that entropy was available but a
     concurrent process drained the entropy pool before the read was
     initiated.
   - Fixed decoding indefinite length BER constructs that contain a context
     sensitive tag of zero.
   - The key length limit on HMAC has been raised to 512 bytes, allowing the
     use
     of very long passphrases with PBKDF2.
   - OAEP had two bugs, one of which allowed it to be used even if the key
     was too small, and the other of which would cause a crash during
     decryption if the EME data was too large for the associated key.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-723=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-723=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      Botan-debugsource-1.10.9-3.1
      libbotan-1_10-0-1.10.9-3.1
      libbotan-1_10-0-debuginfo-1.10.9-3.1
      libbotan-devel-1.10.9-3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      Botan-debugsource-1.10.9-3.1
      libbotan-1_10-0-1.10.9-3.1
      libbotan-1_10-0-debuginfo-1.10.9-3.1
      libbotan-devel-1.10.9-3.1

References:

   https://www.suse.com/security/cve/CVE-2014-9742.html
   https://www.suse.com/security/cve/CVE-2015-5726.html
   https://www.suse.com/security/cve/CVE-2015-5727.html
   https://www.suse.com/security/cve/CVE-2015-7827.html
   https://www.suse.com/security/cve/CVE-2016-2194.html
   https://www.suse.com/security/cve/CVE-2016-2195.html
   https://www.suse.com/security/cve/CVE-2016-2849.html
   https://www.suse.com/security/cve/CVE-2016-9132.html
   https://www.suse.com/security/cve/CVE-2017-2801.html
   https://bugzilla.suse.com/1013209
   https://bugzilla.suse.com/1033605
   https://bugzilla.suse.com/965620
   https://bugzilla.suse.com/965621
   https://bugzilla.suse.com/968025
   https://bugzilla.suse.com/968026
   https://bugzilla.suse.com/968030
   https://bugzilla.suse.com/974521
   https://bugzilla.suse.com/977420