Security update for libksba
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:1510-1
Final
1
1
2016-06-07T08:58:52Z
current
2016-06-07T08:58:52Z
2016-06-07T08:58:52Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for libksba fixes the following issues:
- CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl()
- CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261)
Also adding reliability fixes from v1.3.4.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-2016-900, SUSE-SLE-DESKTOP-12-SP1-2016-900, SUSE-SLE-SDK-12-2016-900, SUSE-SLE-SDK-12-SP1-2016-900, SUSE-SLE-SERVER-12-2016-900, SUSE-SLE-SERVER-12-SP1-2016-900
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20161510-1/
Link for SUSE-SU-2016:1510-1
https://lists.suse.com/pipermail/sle-security-updates/2016-June/002099.html
E-Mail link for SUSE-SU-2016:1510-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/979261
SUSE Bug 979261
https://bugzilla.suse.com/979906
SUSE Bug 979906
https://www.suse.com/security/cve/CVE-2016-4574/
SUSE CVE CVE-2016-4574 page
https://www.suse.com/security/cve/CVE-2016-4579/
SUSE CVE CVE-2016-4579 page
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
libksba8-1.3.0-23.1
libksba-devel-1.3.0-23.1
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Desktop 12
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Server 12
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Server 12 SP1
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libksba8-1.3.0-23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libksba-devel-1.3.0-23.1 as a component of SUSE Linux Enterprise Software Development Kit 12
libksba-devel-1.3.0-23.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid UTF-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
CVE-2016-4574
SUSE Linux Enterprise Desktop 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Desktop 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libksba-devel-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12:libksba-devel-1.3.0-23.1
important
To install this SUSE Security Update, use the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20161510-1/
https://www.suse.com/security/cve/CVE-2016-4574.html
CVE-2016-4574
https://bugzilla.suse.com/1135436
SUSE Bug 1135436
https://bugzilla.suse.com/979261
SUSE Bug 979261
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
CVE-2016-4579
SUSE Linux Enterprise Desktop 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Desktop 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libksba8-1.3.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12:libksba8-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libksba-devel-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12:libksba-devel-1.3.0-23.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
To install this SUSE Security Update, use the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20161510-1/
https://www.suse.com/security/cve/CVE-2016-4579.html
CVE-2016-4579
https://bugzilla.suse.com/1135436
SUSE Bug 1135436
https://bugzilla.suse.com/979906
SUSE Bug 979906