Summary: | <dev-libs/libksba-1.3.4 : Incomplete fix for CVE-2016-4356 | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | alonbl, crypto+disabled
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1334831 | |
Whiteboard: | B3 [glsa cve] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | | |
Bug Blocks: | 590656 | |
Description
Agostino Sarubbo
2016-05-11 07:16:28 UTC
Version bump to 1.3.4. Changes are trivial, can we wait a few days to see if there are issues?

Hi, please stabilize. Thanks!

Stable on alpha.

Stable for PPC64.

arm stable

amd64 stable

Stable for HPPA.

x86 stable

ppc stable

sparc stable

ia64 stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

CVE-2016-4574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4574): Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

Re-designating again. This is a potential DoS.

@maintainer(s), please clean the vulnerable version so we can close this.

(In reply to Aaron Bauman from comment #13)
> Re-designating again. This is a potential DoS.
>
> @maintainer(s), please clean the vulnerable version so we can close this.

Done, thanks!

(In reply to Alon Bar-Lev from comment #14)
> (In reply to Aaron Bauman from comment #13)
> > Re-designating again. This is a potential DoS.
> >
> > @maintainer(s), please clean the vulnerable version so we can close this.
>
> Done, thanks!

Thanks!