An update for botan2 is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2329 Final 1.0 1.0 2024-11-01 Initial 2024-11-01 2024-11-01 openEuler SA Tool V1.0 2024-11-01 botan2 security update An update for botan2 is now available for openEuler-22.03-LTS-SP3 Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. This is the current stable release branch 2.x of Botan. Security Fix(es): Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.(CVE-2024-50382) An update for botan2 is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium botan2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2329 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50382 https://nvd.nist.gov/vuln/detail/CVE-2024-50382 openEuler-22.03-LTS-SP3 botan2-2.19.3-4.oe2203sp3.aarch64.rpm botan2-debuginfo-2.19.3-4.oe2203sp3.aarch64.rpm botan2-debugsource-2.19.3-4.oe2203sp3.aarch64.rpm botan2-devel-2.19.3-4.oe2203sp3.aarch64.rpm python3-botan2-2.19.3-4.oe2203sp3.aarch64.rpm botan2-2.19.3-4.oe2203sp3.src.rpm botan2-2.19.3-4.oe2203sp3.x86_64.rpm botan2-debuginfo-2.19.3-4.oe2203sp3.x86_64.rpm botan2-debugsource-2.19.3-4.oe2203sp3.x86_64.rpm botan2-devel-2.19.3-4.oe2203sp3.x86_64.rpm python3-botan2-2.19.3-4.oe2203sp3.x86_64.rpm botan2-doc-2.19.3-4.oe2203sp3.noarch.rpm Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. 2024-11-01 CVE-2024-50382 openEuler-22.03-LTS-SP3 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N botan2 security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2329