~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2016-05-13
Candidate: CVE-2016-4574
PublicDate: 2016-06-13
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4574
 http://www.ubuntu.com/usn/usn-2982-1
Description:
 Off-by-one error in the append_utf8_value function in the DN decoder (dn.c)
 in Libksba before 1.3.4 allows remote attackers to cause a denial of
 service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2016-4356.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.gnupg.org/gnupg/issue2344
Priority: medium
Discovered-by: Pascal Cuoq
Assigned-to: mdeslaur

Patches_libksba:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
upstream_libksba: released (1.3.4-3)
precise_libksba: released (1.2.0-2ubuntu0.2)
trusty_libksba: released (1.3.0-3ubuntu0.14.04.2)
vivid/stable-phone-overlay_libksba: DNE
vivid/ubuntu-core_libksba: DNE
wily_libksba: released (1.3.3-1ubuntu0.15.10.1)
xenial_libksba: released (1.3.3-1ubuntu0.16.04.1)
devel_libksba: not-affected (1.3.4-3)