Advisories » MGASA-2016-0181

Updated libksba packages fix security vulnerabilities

Publication date: 18 May 2016
Modification date: 18 May 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4574, CVE-2016-4579

Description

Updated libksba packages fix security vulnerabilities:

An out-of-bounds read access in _ksba_dn_to_str() in libksba 1.3.3, due to an
incomplete fix for CVE-2016-4356, could result in denial of service
(CVE-2016-4574).

In libksba 1.3.3, the returned length of the object from _ksba_ber_parse_tl()
(ti.length) was not always checked against the actual buffer length, thus
leading to a read access after the end of the buffer, which could result in
denial of service (CVE-2016-4579).
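
The kind of check described for CVE-2016-4579, shown as an added example: this is not libksba code or its patch, and struct tl, parse_tl() and get_content() are hypothetical names. It parses a definite-length BER header and refuses to hand out the content pointer unless the claimed length fits in the remaining buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical tag/length record; not libksba's own structure. */
struct tl {
    uint8_t tag;      /* identifier octet (single-byte tags only) */
    size_t  hdrlen;   /* octets used by identifier + length field */
    size_t  length;   /* content length claimed by the encoding */
};

/* Constructed samples: OCTET STRING claiming 3 and 16 content octets. */
static const uint8_t sample_ok[]  = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t sample_bad[] = { 0x04, 0x10, 'a', 'b', 'c' };

/* Parse one definite-length BER header from buf[0..buflen).
   Returns 0 on success, -1 on truncated or unsupported input. */
static int parse_tl(const uint8_t *buf, size_t buflen, struct tl *out)
{
    if (buflen < 2 || (buf[0] & 0x1f) == 0x1f)
        return -1;                    /* too short, or multi-byte tag */
    out->tag = buf[0];
    if (!(buf[1] & 0x80)) {           /* short form: length in one octet */
        out->hdrlen = 2;
        out->length = buf[1];
        return 0;
    }
    size_t n = buf[1] & 0x7f;         /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || n > buflen - 2)
        return -1;                    /* indefinite, too wide, or truncated */
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len = (len << 8) | buf[2 + i];
    out->hdrlen = 2 + n;
    out->length = len;
    return 0;
}

/* Return a pointer to the content octets only if the claimed length
   fits in what is left of the buffer; otherwise NULL. */
static const uint8_t *get_content(const uint8_t *buf, size_t buflen,
                                  struct tl *ti)
{
    if (parse_tl(buf, buflen, ti) != 0)
        return NULL;
    if (ti->length > buflen - ti->hdrlen)  /* length vs. actual buffer */
        return NULL;
    return buf + ti->hdrlen;
}
```

The comparison is written as a subtraction on the buffer side so that a very large claimed length cannot wrap around an addition.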
                

References

SRPMS

5/core