{"schema_version":"1.7.2","id":"OESA-2024-2330","modified":"2024-11-01T11:09:32Z","published":"2024-11-01T11:09:32Z","upstream":["CVE-2024-50382"],"summary":"botan2 security update","details":"Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan.\r\n\r\nSecurity Fix(es):\r\n\r\nBotan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. (CVE-2024-50382)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"botan2","purl":"pkg:rpm/openEuler/botan2\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19.3-4.oe2403"}]}],"ecosystem_specific":{"aarch64":["botan2-2.19.3-4.oe2403.aarch64.rpm","botan2-debuginfo-2.19.3-4.oe2403.aarch64.rpm","botan2-debugsource-2.19.3-4.oe2403.aarch64.rpm","botan2-devel-2.19.3-4.oe2403.aarch64.rpm","python3-botan2-2.19.3-4.oe2403.aarch64.rpm"],"noarch":["botan2-doc-2.19.3-4.oe2403.noarch.rpm"],"src":["botan2-2.19.3-4.oe2403.src.rpm"],"x86_64":["botan2-2.19.3-4.oe2403.x86_64.rpm","botan2-debuginfo-2.19.3-4.oe2403.x86_64.rpm","botan2-debugsource-2.19.3-4.oe2403.x86_64.rpm","botan2-devel-2.19.3-4.oe2403.x86_64.rpm","python3-botan2-2.19.3-4.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2330"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50382"}],"database_specific":{"severity":"Medium"}}