USN-7586-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7586-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7586-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7586-1
Upstream
Related
Published
2025-06-23T02:10:22.570057Z
Modified
2025-07-16T08:48:06.606240Z
Summary
botan vulnerabilities
Details

It was discovered that Botan could have compiler dependent operations induced under certain circumstances. An attacker could possibly use this issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383)

Bing Shi discovered that Botan did not limit the size of certain inputs when checking primality and name constraints. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-34702, CVE-2024-34703)

It was discovered that Botan did not correctly handle conflicting name constraints. An attacker could possibly use this issue to bypass authentication. (CVE-2024-39312)

References

Affected packages

Ubuntu:Pro:22.04:LTS / botan

Package

Name
botan
Purl
pkg:deb/ubuntu/botan@2.19.1+dfsg-2ubuntu1+esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.1+dfsg-2ubuntu1+esm1

Affected versions

2.*

2.17.3+dfsg-3
2.19.1+dfsg-2ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "botan"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "botan-dbgsym"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "libbotan-2-19"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "libbotan-2-19-dbgsym"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "libbotan-2-dev"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "libbotan-2-doc"
        },
        {
            "binary_version": "2.19.1+dfsg-2ubuntu1+esm1",
            "binary_name": "python3-botan"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:24.04:LTS / botan

Package

Name
botan
Purl
pkg:deb/ubuntu/botan@2.19.3+dfsg-1ubuntu2+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.3+dfsg-1ubuntu2+esm1

Affected versions

2.*

2.19.3+dfsg-1ubuntu1
2.19.3+dfsg-1ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "botan"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "botan-dbgsym"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "libbotan-2-19"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "libbotan-2-19-dbgsym"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "libbotan-2-dev"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "libbotan-2-doc"
        },
        {
            "binary_version": "2.19.3+dfsg-1ubuntu2+esm1",
            "binary_name": "python3-botan"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}