libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Denial of Service due to stack overflow in src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a Integer overflow in the BER decoder src/ber-decoder.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887 Integer overflow in the DN decoder src/dn.c http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
URL: (none) => http://lwn.net/Vulnerabilities/685291/Hardware: All => i586
Thanks for the report. The Gentoo advisory mentions that version >= 1.3.3 are unaffected, and it's the version we have in Mageia 5 and Cauldron, so we should be good.
Status: NEW => RESOLVEDResolution: (none) => INVALID
Forgot the reference: http://lwn.net/Alerts/685271/
I missed the version - sorry.
No problem - we're all learning how we can work as a team and share such information regarding security vulnerabilities, it'll take some time until we find the proper workflow :)