Advisories » MGASA-2016-0310

Updated libksba packages fix security vulnerability

Publication date: 21 Sep 2016
Modification date: 21 Sep 2016
Type: security
Affected Mageia releases : 5

Description

It was found that an unproportionate amount of memory is allocated when
parsing crafted certificates in libskba, which may lead to DoS.
Moreover in libksba 1.3.4, allocated memory is uninitialized and could
potentially contain sensitive data left in freed memory block.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19288
• http://openwall.com/lists/oss-security/2016/08/20/3
• http://openwall.com/lists/oss-security/2016/08/22/7
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUORSGVTYHQQKX2AYN7ASGUMPKFCV3HJ/

SRPMS

5/core

• libksba-1.3.5-1.mga5