libksba: Multiple vulnerabilities Multiple vulnerabilities have been found in libksba, allowing a possible Denial of Service and unspecified other vectors through integer overflows. libksba 2016-04-26 2016-04-26 546464 remote 1.3.3 1.3.3

Libksba is a X.509 and CMS (PKCS#7) library.

libksba is vulnerable to two integer overflows and a Denial of Service vulnerability. Please read the references for additional details.

Remote attackers could cause Denial of Service or unspecified other vectors through various integer overflows.

There is no known workaround at this time.

All libksba users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.3.3" Denial of Service due to stack overflow in src/ber-decoder.c Integer overflow in the BER decoder src/ber-decoder.c Integer overflow in the DN decoder src/dn.c BlueKnight b-man