Advisories » MGASA-2022-0485

Updated libksba packages fix security vulnerability

Publication date: 30 Dec 2022
Modification date: 30 Dec 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-47629

Description

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the
CRL signature parser. (CVE-2022-47629)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31311
• https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
• https://www.debian.org/security/2022/dsa-5305
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629

SRPMS

8/core

• libksba-1.5.0-1.2.mga8