drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in The GNU Privacy Guard
Name: |
Preisgabe von Informationen in The GNU Privacy Guard |
|
ID: |
201706-22 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Do, 22. Juni 2017, 23:43 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4579
http://seclists.org/oss-sec/2016/q3/343 |
|
Applikationen: |
The GNU Privacy Guard |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wXuWJgKL9FqEvLt4P3eX3E04wHVoACdcW Content-Type: multipart/mixed; boundary="445FgwQptqIFj42WiQGdg4K5DrQaktkvS"; protected-headers="v1" From: Kristian Fiskerstrand <k_f@gentoo.org> Reply-To: security@gentoo.org To: gentoo-announce@lists.gentoo.org Message-ID: <7fddc67a-be9e-08bd-838e-64fd4897a1e6@gentoo.org> Subject: [ GLSA 201706-22 ] libksba: Denial of Service and information disclosure
--445FgwQptqIFj42WiQGdg4K5DrQaktkvS Content-Type: text/plain; charset=utf-8 Content-Language: en-U Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: libksba: Denial of Service and information disclosure Date: June 22, 2017 Bugs: #592078 ID: 201706-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in libksba which might allow remote attackers to obtain sensitive information or crash an libksba-based application.
Background ==========
Libksba is a X.509 and CMS (PKCS#7) library.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libksba < 1.3.5 >= 1.3.5
Description ===========
It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to Denial of Service condition.
Moreover in libksba 1.3.4, allocated memory is uninitialized and could potentially contain sensitive data left in freed memory block.
Impact ======
A remote attacker, able to interact with an libksba-based application, could possibly obtain sensitive information or cause a Denial of Service condition.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All libksba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.5"
References ==========
[ 1 ] CVE-2016-4579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4579 [ 2 ] Upstream report http://seclists.org/oss-sec/2016/q3/343
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-22
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--445FgwQptqIFj42WiQGdg4K5DrQaktkvS--
--wXuWJgKL9FqEvLt4P3eX3E04wHVoACdcW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEtOrRIMf4mkrqRycHJQt6/tY3nYUFAllMAk8ACgkQJQt6/tY3 nYWKTQf/YCKF/HYH78CJtTfO6eR+0iwrwJrimfLhq03Dqlx//HPVQMfI4GlbCT5H BTAShJMZeU/pe2demUxt81JXQsTiGssXFUbQOglCbIysG0zwpZ8r1BBImXRSQBco 4HcNqMIpVLq1om8ais6ceHClCMV5Ir0nxLkzVee7GI56Jd69On7gYCkY1EXmrCrI WeLfi6XZEkzmKgYHwxmv51/bZMlaJQRnv75JxdJO74MLLsLgHmL8SpjgSOXCakl8 0zTZVOVVocSeQuTAvvl2G/X5GQam1YtrAWLdI7DhYOZlIXmeSUpSCZvOgDi1gPRZ QfwkCEQN+7ij629GE3ZmC47Zmj+yPA== =iozE -----END PGP SIGNATURE-----
--wXuWJgKL9FqEvLt4P3eX3E04wHVoACdcW--
|
|
|
|