An integer overflow vulnerability has been found in libksba which could result in remote code execution.
|Package||dev-libs/libksba on all architectures|
|Affected versions||< 1.6.3|
|Unaffected versions||>= 1.6.3|
Libksba is a X.509 and CMS (PKCS#7) library.
An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.
Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.
There is no known workaround at this time.
All libksba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.3"
December 28, 2022
December 28, 2022: 1