Oval Definition:oval:org.opensuse.security:def:20189860
Revision Date:2022-09-01Version:1
Title:CVE-2018-9860
Description:

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-9860
SUSE CVE-2018-9860
Platform(s):openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP5
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • Botan-2.18.1-1.3 is installed
  • OR Botan-doc-2.18.1-1.3 is installed
  • OR libbotan-2-18-2.18.1-1.3 is installed
  • OR libbotan-2-18-32bit-2.18.1-1.3 is installed
  • OR libbotan-devel-2.18.1-1.3 is installed
  • OR libbotan-devel-32bit-2.18.1-1.3 is installed
  • OR python3-botan-2.18.1-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Botan is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND Botan is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed
  • AND Package Information
  • libbotan-1_10-0 is affected
  • OR libbotan-devel is affected
    • BACK