Updated libcryptopp packages fix security vulnerability
Publication date: 07 Jan 2017Modification date: 07 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9939
Description
When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized (even if unused), which could take a long time on a large allocation (CVE-2016-9939).
References
SRPMS
5/core
- libcryptopp-5.6.3-1.3.mga5