MDKSA-2006:183

Package name

libksba

Date

2006-10-17

Advisory ID

MDKSA-2006:183

Affected versions

CS4.0 x86_64 , 2006.0 i586 , 2006.0 x86_64 , CS4.0 i586

Problem description

The libksba library, as used by gpgsm in the gnupg2 package, allows
attackers to cause a denial of service (application crash) via a
malformed X.509 certificate in a signature.

libksba-0.9.15 in Mandriva 2007.0 is not affected by this issue.

Updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 6e447266e8b71fa94dfc271613f1df43  corporate/4.0/x86_64/lib64ksba8-0.9.11-2.1.20060mlcs4.x86_64.rpm
 6eab52fe9640a888f358ffa3e978cbea  corporate/4.0/x86_64/lib64ksba8-devel-0.9.11-2.1.20060mlcs4.x86_64.rpm 
 e8c7164eac4cc325120847f858944f2d  corporate/4.0/SRPMS/libksba-0.9.11-2.1.20060mlcs4.src.rpm

2006.0 i586

 8f3e8e56ed3cc75930ac17526e565e12  2006.0/i586/libksba8-0.9.11-2.1.20060mdk.i586.rpm
 c3e82905d3281c6c32bf3689ad606866  2006.0/i586/libksba8-devel-0.9.11-2.1.20060mdk.i586.rpm 
 2e4266dd10459a85e466e0158d980b31  2006.0/SRPMS/libksba-0.9.11-2.1.20060mdk.src.rpm

2006.0 x86_64

 34895ba2aef7cedd7463720a333e125c  2006.0/x86_64/lib64ksba8-0.9.11-2.1.20060mdk.x86_64.rpm
 014585f62f3074d3bd6646eac7076d39  2006.0/x86_64/lib64ksba8-devel-0.9.11-2.1.20060mdk.x86_64.rpm 
 2e4266dd10459a85e466e0158d980b31  2006.0/SRPMS/libksba-0.9.11-2.1.20060mdk.src.rpm

CS4.0 i586

 cddf7be9c4bbf73b688cc0c95a6b77ce  corporate/4.0/i586/libksba8-0.9.11-2.1.20060mlcs4.i586.rpm
 d6252717330d573c24dea70899365e4d  corporate/4.0/i586/libksba8-devel-0.9.11-2.1.20060mlcs4.i586.rpm 
 e8c7164eac4cc325120847f858944f2d  corporate/4.0/SRPMS/libksba-0.9.11-2.1.20060mlcs4.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5111