A CVE has been assigned for an issue fixed in libksba 1.3.2:
http://openwall.com/lists/oss-security/2014/11/26/3

Freeze push requested for Cauldron.

Updated package uploaded for Mageia 3 and Mageia 4.

libksba is used through gnupg2, so that's what you need to use to test this. We have a gnupg test procedure; you just need to use "gpg2" instead of "gpg" as the command to test gnupg2:
https://bugs.mageia.org/show_bug.cgi?id=11306#c3

This probably isn't the most serious issue in the world, but the testing procedure is quick and easy, so if we're able to get it tested today, then great.

Advisory:
========================

Updated libksba packages fix security vulnerability:

By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service (CVE-2014-9087).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087
http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
http://openwall.com/lists/oss-security/2014/11/26/3
========================

Updated packages in core/updates_testing:
========================
libksba8-1.3.2-1.mga3
libksba-devel-1.3.2-1.mga3
libksba8-1.3.2-1.mga4
libksba-devel-1.3.2-1.mga4

from SRPMS:
libksba-1.3.2-1.mga3.src.rpm
libksba-1.3.2-1.mga4.src.rpm
Whiteboard: (none) => MGA3TOO has_procedure
Tested successfully Mageia 3 i586 and Mageia 4 i586 using the encryption/decryption test with gpg2.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Mageia 4 testing done x64 validated update.
Keywords: (none) => validated_update
CC: (none) => ozkyster, sysadmin-bugs
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-MGA3-32-OK
Sysadmins push to updates.
Fixing the corrupted whiteboard tag. Thanks for testing.
Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-MGA3-32-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK
Advisory uploaded.
Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK advisory
Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK advisory => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK
Whiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0498.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/623292/