Jack Lloyd jack at randombit.net
Tue Apr 10 09:38:07 EDT 2018

Botan 2.6.0 has been released a little earlier than expected, in
order to address two issues.

One was a security bug affecting TLS CBC decryption (CVE-2018-9860). An
off-by-one error meant that a specifically malformed TLS CBC ciphertext could
cause miscomputation of a length field. This would cause the decryptor to HMAC
64K bytes of data immediately following the record. This could cause a crash,
if the read went into unmapped memory. It is not usable for RCE or information
leak. All versions from 1.11.32 are affected. Thanks to OSS-Fuzz for finding
this bug.

The other was a plain bug: it turned out that some inline asm constructs were
invalid and, when compiled with GCC 7.3 with specific (non-default) flags, they
would cause miscomputations and the test suite would hang. This was known to
affect the Arch and Debian packages.

Other changes in this release include addition of labels for OAEP encryption,
improvements to RSA performance (15% faster signatures, 50% faster verification),
and improvements to RSA side channel resistance (exponent blinding is now used).
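For readers unfamiliar with the exponent blinding mentioned above, the
following Python sketch is an added illustration of the idea; it is not
Botan's code and not part of this announcement. It uses a constructed toy
key (p = 61, q = 53, e = 17), far too small for real use, and a hypothetical
helper rsa_private_op() that adds a fresh random multiple of phi(n) to the
private exponent before each exponentiation, so the arithmetic result is
unchanged while the exponent actually walked by the square-and-multiply
loop differs on every call.

```python
import secrets

# Constructed toy RSA parameters, chosen so the numbers are easy to follow.
# Assumption: these values are invented for this example only.
P = 61
Q = 53
N = P * Q                  # 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17
D = pow(E, -1, PHI)        # 2753, the unblinded private exponent


def blinded_private_exponent(d: int, phi: int, r: int) -> int:
    """Return d' = d + r * phi.

    m^phi == 1 (mod n) whenever gcd(m, n) == 1, and because n = p*q is
    squarefree the identity m^(d + r*phi) == m^d (mod n) holds for every m
    in [0, n) (check it modulo p and modulo q separately).  So d' yields the
    same signature/decryption as d, but a different exponent bit pattern.
    """
    return d + r * phi


def rsa_private_op(m: int, d: int, n: int, phi: int, blind: bool = True) -> int:
    """Raw RSA private operation m^d mod n, optionally with exponent blinding.

    A fresh random r is drawn per call; an attacker observing timing or power
    of the modular exponentiation therefore sees a different exponent each
    time instead of the fixed secret d.  (Hypothetical helper for illustration.)
    """
    r = (secrets.randbits(64) | 1) if blind else 0
    d_prime = blinded_private_exponent(d, phi, r)
    return pow(m, d_prime, n)


def exponent_bit_lengths(d: int, phi: int, samples: int = 5) -> list:
    """Bit lengths of several blinded exponents, to show they vary per call."""
    return [blinded_private_exponent(d, phi, secrets.randbits(64) | 1).bit_length()
            for _ in range(samples)]


if __name__ == "__main__":
    msg = 65
    sig = rsa_private_op(msg, D, N, PHI)
    print("signature verifies:", pow(sig, E, N) == msg)
    print("same result as unblinded:", sig == pow(msg, D, N))
    print("unblinded exponent bits:", D.bit_length())
    print("blinded exponent bits:", exponent_bit_lengths(D, PHI))
```

Note that blinding the exponent does not shorten or speed up anything; the
exponent grows by roughly the size of r, and that cost is the price paid for
decorrelating successive private operations from the fixed secret exponent.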

