| Summary: | libksba: three vulnerabilities | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nic Baxter <nic> |
| Component: | Security | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | ||
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/685291/ | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
|
Nic Baxter
2016-04-29 08:18:32 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/685291/ Thanks for the report. The Gentoo advisory mentions that version >= 1.3.3 are unaffected, and it's the version we have in Mageia 5 and Cauldron, so we should be good. Status:
NEW =>
RESOLVED Forgot the reference: http://lwn.net/Alerts/685271/ I missed the version - sorry. No problem - we're all learning how we can work as a team and share such information regarding security vulnerabilities, it'll take some time until we find the proper workflow :) |
libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Denial of Service due to stack overflow in src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a Integer overflow in the BER decoder src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887 Integer overflow in the DN decoder src/dn.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3