Bug 1330875 (CVE-2016-2849, CVE-2016-2850) - CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29
Summary: CVE-2016-2849 CVE-2016-2850 botan: two issues fixed in 1.11.29
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-2849, CVE-2016-2850
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1330876 1330877
Blocks:
Reported: 2016-04-27 08:21 UTC by Martin Prpič
Modified: 2019-09-29 13:48 UTC (History)

Fixed In Version: botan 1.11.29
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-02 09:08:49 UTC
Embargoed:



Description Martin Prpič 2016-04-27 08:21:01 UTC
The following issues were fixed in the 1.11.29 release of botan:

(CVE-2016-2849): ECDSA side channel

ECDSA (and DSA) signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually recover the ECDSA secret key. Found by Sean Devlin.

Introduced in 1.7.15, fixed in 1.11.29

2016-03-17 (CVE-2016-2850): Failure to enforce TLS policy

TLS v1.2 allows negotiating which signature algorithms and hash functions each side is willing to accept. However, received signatures were not actually checked against the specified policy. This had the effect of allowing a server to use an MD5 or SHA-1 signature, even though the default policy prohibits it. The same issue affected client cert authentication.

The TLS client also failed to verify that the ECC curve the server chose to use was one which was acceptable by the client policy.

Introduced in 1.11.0, fixed in 1.11.29

Reference:

http://botan.randombit.net/security.html#id1

Upstream patches:

https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
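
The two inverse routines below are an added illustration of the CVE-2016-2849 bug class and are not Botan's own code: a binary extended-GCD inverse whose loop count depends on the nonce k, beside a Fermat-based inverse whose loop count depends only on the public modulus. The small prime 1009 mentioned in the note afterwards is a constructed stand-in for a real group order.

```python
"""Added example (not Botan's code): why a modular inverse with input-dependent
loops leaks the ECDSA/DSA nonce k, and what a fixed-schedule inverse looks like.
Python big ints are not constant-time; the loop structure is the point."""


def inverse_binary_egcd(k, n):
    """Binary extended Euclid for odd n with gcd(k, n) == 1.
    Returns (k^-1 mod n, number of loop-body executions). The count depends
    on the bit pattern of k, so timing the call reveals information about k."""
    u, v, x1, x2, steps = k % n, n, 1, 0, 0
    while u != 1 and v != 1:
        steps += 1
        while u % 2 == 0:                   # strip factors of two from u
            steps += 1
            u //= 2
            x1 = x1 // 2 if x1 % 2 == 0 else (x1 + n) // 2
        while v % 2 == 0:                   # strip factors of two from v
            steps += 1
            v //= 2
            x2 = x2 // 2 if x2 % 2 == 0 else (x2 + n) // 2
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
    return (x1 if u == 1 else x2) % n, steps


def inverse_fixed_schedule(k, n):
    """Inverse via Fermat (k^(n-2) mod n, n prime): the loop runs exactly
    n.bit_length() times regardless of k. The per-bit select would be a
    constant-time cmov in C; here it only keeps the control flow fixed."""
    e, r, steps = n - 2, 1, 0
    for i in range(n.bit_length() - 1, -1, -1):
        steps += 1
        r = (r * r) % n
        r = (r * k) % n if (e >> i) & 1 else r
    return r, steps


def count_profile(n, inverse):
    """Loop counts of `inverse` for every nonce k in [1, n-1], after checking
    that each result really is the inverse of k."""
    profile = {}
    for k in range(1, n):
        inv, steps = inverse(k, n)
        assert (k * inv) % n == 1, f"bad inverse for k={k}"
        profile[k] = steps
    return profile
```

Running count_profile(1009, fn) for both functions shows many distinct loop counts for the binary EGCD and a single value (10, the bit length of 1009) for the fixed-schedule version.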

Comment 1 Martin Prpič 2016-04-27 08:22:07 UTC
Created botan tracking bugs for this issue:

Affects: fedora-all [bug 1330876]
Affects: epel-all [bug 1330877]

Comment 2 Thomas Moschny 2016-04-29 18:12:47 UTC
This bug is slightly imprecise:

- CVE-2016-2850 does not affect us, as it was introduced in 1.11.0, fixed in 1.11.29. All Fedora/EPEL branches carry 1.10.X and 1.8.X branches though.

- CVE-2016-2849 is fixed in 1.11.29, but also in 1.10.13.

- Version 1.10.13 also fixes CVE-2015-7827.

So, all Fedora branches as well as EPEL7 will be updated to 1.10.13.

Comment 3 Fedora Update System 2016-05-07 11:44:04 UTC
botan-1.10.13-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-05-15 05:31:57 UTC
botan-1.10.13-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2016-05-16 14:54:52 UTC
botan-1.10.13-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-05-20 20:19:37 UTC
botan-1.10.13-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

