Updated libksba packages fix security vulnerabilitiesPublication date: 18 May 2016
Affected Mageia releases : 5
CVE: CVE-2016-4574 , CVE-2016-4579
Updated libksba packages fix security vulnerabilities: An out-of-bounds read access in _ksba_dn_to_str() in libksba 1.3.3, due to an incomplete fix for CVE-2016-4356, could result in denial of service (CVE-2016-4574). In liksba 1.3.3, the returned length of the object from _ksba_ber_parse_tl() (ti.length) was not always checked against the actual buffer length, thus leading to a read access after the end of the buffer, which could result in denial of service (CVE-2016-4579).