MGASA-2020-0308

Source
https://advisories.mageia.org/MGASA-2020-0308.html
Import Source
https://advisories.mageia.org/MGASA-2020-0308.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0308
Published
2020-07-31T23:25:42Z
Modified
2026-04-16T04:25:47.419598Z
Summary
Updated botan2 packages fix security vulnerability
Details

The CBC padding operations were not constant time and, as a result, would leak the length of the plaintext values being padded to an attacker running a side-channel attack via shared resources such as the cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC ciphersuites as well as CBC encryption using PKCS7 or other similar padding mechanisms. In all cases, the unpadding operations were already constant time and are not affected (rhbz#1849743).


Affected packages

Mageia:7 / botan2

Package

Name
botan2
Purl
pkg:rpm/mageia/botan2?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.0-2.1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2020-0308.json"