Source: libksba
Version: 1.3.1-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi all,

Today a new upstream release for Libksba was announced, addressing in
particular the following:

> Impact of the security bug
> ==========================
>
> By using specially crafted S/MIME messages or ECC based OpenPGP data, it
> is possible to create a buffer overflow. The bug is not easy to exploit
> because there are only 80 possible values which can be used to overwrite
> memory. However, a denial of service is possible and someone may come
> up with other clever attacks. Thus this should be fixed.
>
> Affected versions: All Libksba versions < 1.3.2
>
> Background: Yesterday Hanno Böck found an invalid memory access in the
> 2.1 branch of GnuPG by conveying a malformed OID as part of an ECC key.
> It turned out that this bug has also been in libksba ever since and
> affects at least gpgsm and dirmngr. The code to convert an OID to its
> string representation has an obvious error of not considering an invalid
> encoding for arc-2. A first byte of 0x80 can be used to make a value of
> less than 80 and we then subtract 80 from it as required by the OID
> encoding rules. Due to the use of an unsigned integer this results in a
> pretty long value which won't fit anymore into the allocated buffer.
>
> The actual fix for Libksba is commit f715b9e.

Announce: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
Upstream fix: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7

Regards,
Salvatore
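
Added example (not libksba's code and not the upstream fix): a bounds-checked OID-to-string conversion that rejects the 0x80-led encoding described in the announcement and only subtracts 80 once the decoded value is known to be at least 80. The function names oid_to_string, read_subid and unchecked_arc2 are hypothetical, and the sample bytes are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Unchecked arc-2 arithmetic: for val < 80 the unsigned result wraps around. */
unsigned long unchecked_arc2(unsigned long val) { return val - 80; }

/* Read one base-128 subidentifier; returns octets consumed, 0 if malformed. */
static size_t read_subid(const unsigned char *p, size_t len, unsigned long *out)
{
    unsigned long v = 0;
    size_t i = 0;
    if (len == 0 || p[0] == 0x80) return 0;  /* empty, or padded with 0x80 */
    do {
        if (i == len || v > (ULONG_MAX >> 7)) return 0;  /* truncated/overflow */
        v = (v << 7) | (p[i] & 0x7f);
    } while (p[i++] & 0x80);
    *out = v;
    return i;
}

/* DER OID content octets -> dotted string; 0 on success, -1 on error. */
int oid_to_string(const unsigned char *der, size_t len, char *dst, size_t dstlen)
{
    unsigned long v;
    size_t n, off, used;
    int w;
    if (!(n = read_subid(der, len, &v))) return -1;
    /* The first subidentifier is 40*arc1 + arc2, with arc1 in {0, 1, 2}. */
    if (v < 40)      w = snprintf(dst, dstlen, "0.%lu", v);
    else if (v < 80) w = snprintf(dst, dstlen, "1.%lu", v - 40);
    else             w = snprintf(dst, dstlen, "2.%lu", v - 80);  /* v >= 80 */
    if (w < 0 || (size_t)w >= dstlen) return -1;  /* output would not fit */
    used = (size_t)w;
    for (off = n; off < len; off += n) {
        if (!(n = read_subid(der + off, len - off, &v))) return -1;
        w = snprintf(dst + used, dstlen - used, ".%lu", v);
        if (w < 0 || (size_t)w >= dstlen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

int main(void)
{
    const unsigned char bad[] = {0x80, 0x01};  /* constructed malformed OID */
    char buf[64];
    printf("%d %lu\n", oid_to_string(bad, sizeof bad, buf, sizeof buf), unchecked_arc2(1));
    return 0;
}
```

Every write goes through snprintf with the remaining space, so an unexpectedly long arc is reported as an error instead of running past the end of the buffer.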