Multiple vulnerabilities have been found in libksba, allowing a possible Denial of Service and unspecified other vectors through integer overflows.
Package | dev-libs/libksba on all architectures |
---|---|
Affected versions | < 1.3.3 |
Unaffected versions | >= 1.3.3 |
Libksba is a X.509 and CMS (PKCS#7) library.
libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details.
Remote attackers could cause Denial of Service or unspecified other vectors through various integer overflows.
There is no known workaround at this time.
All libksba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.3"
Release date
April 26, 2016
Latest revision
April 26, 2016: 1
Severity
normal
Exploitable
remote
Bugzilla entries