libksba: Multiple vulnerabilities — GLSA 201604-04

Multiple vulnerabilities have been found in libksba, allowing a possible Denial of Service and unspecified other vectors through integer overflows.

Affected Packages

dev-libs/libksba on all architectures
Affected versions < 1.3.3
Unaffected versions >= 1.3.3

Background

Libksba is a X.509 and CMS (PKCS#7) library.

Description

libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details.

Impact

Remote attackers could cause Denial of Service or unspecified other vectors through various integer overflows.

Workaround

There is no known workaround at this time.

Resolution

All libksba users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.3"
 

References

Release Date
April 26, 2016

Latest Revision
April 26, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries