An integer overflow vulnerability has been found in libksba which could result in remote code execution.
|Package||dev-libs/libksba on all architectures|
|Affected versions||< 1.6.2|
|Unaffected versions||>= 1.6.2|
Libksba is a X.509 and CMS (PKCS#7) library.
An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.
Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.
There is no known workaround at this time.
All libksba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.2"
October 31, 2022
October 31, 2022: 1