1. Ubuntu Security Notices
  2. USN-7586-1

USN-7586-1: Botan vulnerabilities

Publication date

23 June 2025

Overview

Several security issues were fixed in Botan.

Releases

Packages

  • botan - C++ cryptography library

Details

It was discovered that Botan could have compiler dependent operations
induced under certain circumstances. An attacker could possibly use this
issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383)

Bing Shi discovered that Botan did not limit the size of certain inputs
when checking primality and name constraints. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-34702,
CVE-2024-34703)

It was discovered that Botan did not correctly handle conflicting name
constraints. An attacker could possibly use this issue to bypass
authentication. (CVE-2024-39312)

It was discovered that Botan could have compiler dependent operations
induced under certain circumstances. An attacker could possibly use this
issue to cause undefined behavior. (CVE-2024-50382, CVE-2024-50383)

Bing Shi discovered that Botan did not limit the size of certain inputs
when checking primality and name constraints. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-34702,
CVE-2024-34703)

It was discovered that Botan did not correctly handle conflicting name
constraints. An attacker could possibly use this issue to bypass
authentication. (CVE-2024-39312)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.10 oracular botan –  2.19.3+dfsg-1ubuntu2.1
libbotan-2-19 –  2.19.3+dfsg-1ubuntu2.1
libbotan-2-dev –  2.19.3+dfsg-1ubuntu2.1
python3-botan –  2.19.3+dfsg-1ubuntu2.1
24.04 noble botan –  2.19.3+dfsg-1ubuntu2+esm1  
libbotan-2-19 –  2.19.3+dfsg-1ubuntu2+esm1  
libbotan-2-dev –  2.19.3+dfsg-1ubuntu2+esm1  
python3-botan –  2.19.3+dfsg-1ubuntu2+esm1  
22.04 jammy botan –  2.19.1+dfsg-2ubuntu1+esm1  
libbotan-2-19 –  2.19.1+dfsg-2ubuntu1+esm1  
libbotan-2-dev –  2.19.1+dfsg-2ubuntu1+esm1  
python3-botan –  2.19.1+dfsg-2ubuntu1+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›