Описание
Security update for libksba
This update for libksba fixes the following issues:
- CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl()
- CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261)
Also adding reliability fixes from v1.3.4.
Список пакетов
SUSE Linux Enterprise Desktop 12
libksba8-1.3.0-23.1
SUSE Linux Enterprise Desktop 12 SP1
libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12
libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12 SP1
libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12
libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libksba8-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12
libksba-devel-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libksba-devel-1.3.0-23.1
Ссылки
- Link for SUSE-SU-2016:1510-1
- E-Mail link for SUSE-SU-2016:1510-1
- SUSE Security Ratings
- SUSE Bug 979261
- SUSE Bug 979906
- SUSE CVE CVE-2016-4574 page
- SUSE CVE CVE-2016-4579 page
Описание
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Desktop 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12:libksba8-1.3.0-23.1
Ссылки
- CVE-2016-4574
- SUSE Bug 1135436
- SUSE Bug 979261
Описание
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Desktop 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12:libksba8-1.3.0-23.1
Ссылки
- CVE-2016-4579
- SUSE Bug 1135436
- SUSE Bug 979906