UbuntuUpdates.org

Package "libksba"

Name: libksba

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • X.509 and CMS support library - development files
  • X.509 and CMS support library
Latest version: 1.2.0-2ubuntu0.2
Release: precise (12.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libksba" in Precise

Repository Area Version
base main 1.2.0-2
security main 1.2.0-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.2.0-2ubuntu0.2 2016-05-17 17:07:24 UTC

  libksba (1.2.0-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via decoder stack overflow
    - debian/patches/CVE-2016-4353.patch: improve error handling in
      src/ber-decoder.c.
    - CVE-2016-4353
  * SECURITY UPDATE: integer overflow in BER decoder
    - debian/patches/CVE-2016-4354-4355.patch: add overflow checks to
      src/ber-decoder.c.
    - CVE-2016-4354
    - CVE-2016-4355
  * SECURITY UPDATE: denial of service in bad encoding handling
    - debian/patches/CVE-2016-4356.patch: fix encoding of invalid utf-8
      strings in src/dn.c.
    - CVE-2016-4356
  * SECURITY UPDATE: denial of service in bad encoding handling
    - debian/patches/CVE-2016-4574.patch: fix OOB read access in
      src/dn.c.
    - CVE-2016-4574
  * SECURITY UPDATE: denial of service via TLV given length
    - debian/patches/CVE-2016-4579.patch: fix possible read access beyond
      the buffer in src/ber-help.c, src/cert.c, src/name.c, src/ocsp.c.
    - CVE-2016-4579

 -- Marc Deslauriers <email address hidden> Fri, 13 May 2016 08:45:29 -0400
Source diff to previous version
CVE-2016-4353 denial of service due to stack overflow in src/ber-decoder.c
CVE-2016-4574 incomplete fix for CVE-2016-4356

Version: 1.2.0-2ubuntu0.1 2014-11-27 21:06:26 UTC

  libksba (1.2.0-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution in
    ksba_oid_to_str().
    - debian/patches/CVE-2014-9087.patch: check value in src/oid.c, added
      test to tests/t-oid.c, tests/Makefile.am, fix unrelated typo in
      tests/t-dnparser.c.
    - CVE-2014-9087
 -- Marc Deslauriers <email address hidden> Thu, 27 Nov 2014 12:58:30 -0500
CVE-2014-9087 buffer overflow in ksba_oid_to_str


About   -   Send Feedback to @ubuntu_updates