PublicDateAtUSN: 2016-05-13
Candidate: CVE-2016-4579
PublicDate: 2016-06-13 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4579
 https://ubuntu.com/security/notices/USN-2982-1
Description:
 Libksba before 1.3.4 allows remote attackers to cause a denial of service
 (out-of-bounds read and crash) via unspecified vectors, related to the
 "returned length of the object from _ksba_ber_parse_tl."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.gnupg.org/gnupg/issue2344
Priority: medium
Discovered-by: Pascal Cuoq
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libksba:
 upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
upstream_libksba: released (1.3.4-3)
precise_libksba: released (1.2.0-2ubuntu0.2)
trusty_libksba: released (1.3.0-3ubuntu0.14.04.2)
trusty/esm_libksba: DNE (trusty was released [1.3.0-3ubuntu0.14.04.2])
vivid/stable-phone-overlay_libksba: DNE
vivid/ubuntu-core_libksba: DNE
wily_libksba: released (1.3.3-1ubuntu0.15.10.1)
xenial_libksba: released (1.3.3-1ubuntu0.16.04.1)
esm-infra/xenial_libksba: released (1.3.3-1ubuntu0.16.04.1)
devel_libksba: not-affected (1.3.4-3)