SB2016021504 - Fedora EPEL 7 update for botan, qt-creator 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016021504

SB2016021504 - Fedora EPEL 7 update for botan, qt-creator

Published: February 15, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016021504
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2016-2194)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.


2) Heap-based buffer overflow (CVE-ID: CVE-2016-2195)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27. A remote attacker can use a crafted ECC point to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Heap-based buffer overflow (CVE-ID: CVE-2016-2196)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Resource management error (CVE-ID: CVE-2015-5727)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.


5) Input validation error (CVE-ID: CVE-2015-5726)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.


Remediation

Install update from vendor's website.

References