Описание
Security update for libksba
This update for libksba fixes the following issues:
- CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl()
- CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261)
Also adding reliability fixes from v1.3.4.
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
libksba-1.3.0-7.1
libksba-devel-1.3.0-7.1
libksba8-1.3.0-7.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1525-1
- SUSE Security Ratings
Описание
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
Затронутые продукты
openSUSE Leap 42.1:libksba-1.3.0-7.1
openSUSE Leap 42.1:libksba-devel-1.3.0-7.1
openSUSE Leap 42.1:libksba8-1.3.0-7.1
Ссылки
- CVE-2016-4574
- SUSE Bug 1135436
- SUSE Bug 979261
Описание
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
Затронутые продукты
openSUSE Leap 42.1:libksba-1.3.0-7.1
openSUSE Leap 42.1:libksba-devel-1.3.0-7.1
openSUSE Leap 42.1:libksba8-1.3.0-7.1
Ссылки
- CVE-2016-4579
- SUSE Bug 1135436
- SUSE Bug 979906