Описание
Security update for libksba
This update for libksba fixes the following issues:
- CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl()
- CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261)
Also adding reliability fixes from v1.3.4.
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libksba-1.0.4-1.25.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libksba-1.0.4-1.25.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libksba-devel-1.0.4-1.25.1
Ссылки
- Link for SUSE-SU-2016:1509-1
- E-Mail link for SUSE-SU-2016:1509-1
- SUSE Security Ratings
- SUSE Bug 979261
- SUSE Bug 979906
- SUSE CVE CVE-2016-4574 page
- SUSE CVE CVE-2016-4579 page
Описание
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libksba-1.0.4-1.25.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libksba-1.0.4-1.25.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libksba-devel-1.0.4-1.25.1
Ссылки
- CVE-2016-4574
- SUSE Bug 1135436
- SUSE Bug 979261
Описание
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libksba-1.0.4-1.25.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libksba-1.0.4-1.25.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libksba-devel-1.0.4-1.25.1
Ссылки
- CVE-2016-4579
- SUSE Bug 1135436
- SUSE Bug 979906