[Botan-announce] Botan 2.6.0 released

Jack Lloyd jack at randombit.net
Tue Apr 10 09:38:07 EDT 2018

Botan 2.6.0 has been released a little earlier than expected, in
order to address two issues.

One was a security bug affecting TLS CBC decryption (CVE-2018-9860). An off by
one error meant that a specifically malformed TLS CBC ciphertext could cause
miscomputation of a length field. This would cause the decryptor to HMAC 64K
bytes of data immediately following the record. This could cause a crash, if the
read went into unmapped memory. It is not usable for RCE or information leak.
All versions from 1.11.32 are affected. Thanks to OSS-Fuzz for finding this bug.

The other was a plain bug, it turned out that some inline asm constructs were
invalid and when compiled with GCC 7.3 with specific (non-default) flags, it
would cause miscomputations and the test suite would hang. This was known to
affect the Arch and Debian packages.

Other changes in this release include addition of labels for OAEP encryption,
improvments to RSA performance (15% faster signatures, 50% faster verification),
and improvements to RSA side channel resistance (exponent blinding is now used).

SHA-256 c1f261555bba702c73608dde7bd743ef2d6377a41a1c295915b25c5babaf5cc5


More information about the botan-announce mailing list