libksba 1.3.3 fixes a security issue and a couple minor bugs. The NEWS file from the source says this:

Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------

 * Fixed an integer overflow in the DN decoder.

 * Now returns an error instead of terminating the process for certain
   bad BER encodings.

 * Improved the parsing of utf-8 strings in DNs.

 * Allow building with newer versions of Bison.

 * Improvement building on Windows with newer versions of Mingw.

Updated packages uploaded for Mageia 4 and Cauldron.

For some reason, it hasn't been announced on the gnupg list, so I don't have any references at this time.

Testing information for this package is in a previous update, Bug 14663.

Advisory:
========================

The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.
========================

Updated packages in core/updates_testing:
========================
libksba8-1.3.3-1.mga4
libksba-devel-1.3.3-1.mga4

from libksba-1.3.3-1.mga4.src.rpm
Whiteboard: (none) => has_procedure
Tested fine on Mageia 4 i586 using the first half of MrsB's previous procedure with gpg2.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
Validating. Advisory uploaded. Please push to 4 updates. Thanks.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0166.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/641765/
This update fixed CVE-2016-4354, CVE-2016-4355, and CVE-2016-4356: http://openwall.com/lists/oss-security/2016/04/29/8