{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0310",
  "published": "2016-09-21T20:38:22Z",
  "modified": "2016-09-21T20:29:09Z",
  "summary": "Updated libksba packages fix security vulnerability",
  "details": "It was found that an unproportionate amount of memory is allocated when\nparsing crafted certificates in libskba, which may lead to DoS.\nMoreover in libksba 1.3.4, allocated memory is uninitialized and could\npotentially contain sensitive data left in freed memory block.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0310.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=19288"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2016/08/20/3"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2016/08/22/7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUORSGVTYHQQKX2AYN7ASGUMPKFCV3HJ/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "libksba",
        "purl": "pkg:rpm/mageia/libksba?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.5-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}