| Summary: | <dev-libs/libksba-1.3.5: Unproportional amount of memory allocated when parsing crafted certificates | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | crypto+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1369814 | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
@ Arches, please test and mark stable: =dev-libs/libksba-1.3.5 Targeted stable KEYWORDS: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 amd64 stable Stable on alpha. Stable for HPPA PPC64. arm stable x86 stable sparc stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201706-22 at https://security.gentoo.org/glsa/201706-22 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to DoS. Moreover in libksba 1.3.4, allocated memory is uninitialized and could potentially contain sensitive data left in freed memory block. Public via: http://seclists.org/oss-sec/2016/q3/343 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.