Date: Tue, 10 May 2016 14:09:11 +0200
From: Andreas Stieger <>
Subject: Re: Re: CVE request: three issues in libksba


On 04/29/2016 06:13 PM, wrote:
> > Integer overflow in the DN decoder src/dn.c
> >
> This might be an error in the original
> advisory. We did not notice
> any obvious relationship between
> 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 and an integer overflow fix.
> The 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 commit message seems to
> focus on "read access out of bounds." Also, there is no other recent
> commit at
> that refers to an integer overflow. Possibly there was an inapplicable
> copy-and-paste of "Integer overflow in the" from the previous report
> about the BER decoder.
> Use CVE-2016-4356 for the 243d12fdec66a4360fbb3e307a046b39b5b4ffc3
> issue that is described as "Fix encoding of invalid utf-8 strings in
> dn.c" and "read access out of bounds."

There is a follow-up fix in libksba 1.3.4 for this issue:;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75

> Fix an OOB read access in _ksba_dn_to_str.
> * src/dn.c (append_utf8_value): Use a straightforward check to fix an
> off-by-one.
> --
> The old fix for the problem from April 2015 had an off-by-one in the
> bad encoding handling.
> Fixes-commit: 243d12fdec66a4360fbb3e307a046b39b5b4ffc3
> <;a=object;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3>
> GnuPG-bug-id: 2344
> Reported-by: Pascal Cuoq
> Signed-off-by: Werner Koch <>


Andreas Stieger <>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
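The commit message quoted above attributes the follow-up fix to an off-by-one in the handling of invalid UTF-8 in dn.c. The program below is an added illustration of that bug class only; it is not libksba's code, and the function names, the bound arithmetic and the sample bytes are constructed here and do not reproduce the actual append_utf8_value logic. It scans a buffer for ill-formed UTF-8 with two variants of the tail bound check: the correct one (i + len <= n) and an off-by-one variant (i + len <= n + 1) that lets a multibyte lead byte sitting at the end of the buffer pull in one continuation byte from past the end. The highest index touched is recorded so the over-read is observable without relying on undefined behaviour (one byte of slack follows the logical end of the sample).

```c
#include <stddef.h>
#include <stdio.h>

/* Expected length of a UTF-8 sequence given its lead byte; 0 if the byte
 * cannot start a sequence (stray continuation byte or 0xF8 and above). */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Count ill-formed sequences in s[0..n). strict_bound selects the correct
 * tail check (sequence must end at or before n) or the off-by-one variant
 * (sequence may end at n + 1). *max_index_read receives the highest index
 * of any continuation byte that was accessed, so the caller can see whether
 * the scan touched s[n], i.e. one byte past the buffer. Hypothetical code. */
static int scan_utf8(const unsigned char *s, size_t n, int strict_bound,
                     size_t *max_index_read)
{
    int bad = 0;
    size_t i = 0;
    size_t limit = strict_bound ? n : n + 1;   /* the only difference */

    *max_index_read = 0;
    while (i < n) {
        size_t len = utf8_seq_len(s[i]);
        if (len == 0) {                 /* byte cannot start a sequence */
            bad++;
            i++;
            continue;
        }
        if (i + len > limit) {          /* sequence truncated at the tail */
            bad++;
            break;
        }
        /* Check the continuation bytes. With the off-by-one bound this loop
         * reaches s[n] for a lead byte at the very end of the buffer. */
        for (size_t k = 1; k < len; k++) {
            if (i + k > *max_index_read) *max_index_read = i + k;
            if ((s[i + k] & 0xC0) != 0x80) {
                bad++;
                break;
            }
        }
        i += len;
    }
    return bad;
}

/* Constructed sample: "A", "e-acute" (C3 A9), "BCD", then a lone 2-byte lead
 * byte C3 as the last logical byte. Index 7 is slack past the logical end
 * (SAMPLE_LEN == 7) so the over-read stays inside the array for the demo. */
static const unsigned char SAMPLE[8] = { 'A', 0xC3, 0xA9, 'B', 'C', 'D', 0xC3, 0x80 };
static const size_t SAMPLE_LEN = 7;

int demo_bad_count(int strict_bound)
{
    size_t m = 0;
    return scan_utf8(SAMPLE, SAMPLE_LEN, strict_bound, &m);
}

size_t demo_max_index(int strict_bound)
{
    size_t m = 0;
    scan_utf8(SAMPLE, SAMPLE_LEN, strict_bound, &m);
    return m;
}

int main(void)
{
    printf("correct bound:   %d bad sequence(s), highest index read %zu (n = %zu)\n",
           demo_bad_count(1), demo_max_index(1), SAMPLE_LEN);
    printf("off-by-one bound: %d bad sequence(s), highest index read %zu (n = %zu)\n",
           demo_bad_count(0), demo_max_index(0), SAMPLE_LEN);
    return 0;
}
```

With the correct bound the truncated lead byte at the tail is reported as ill-formed and the scan never reads beyond index 2. With the off-by-one bound the scan reads index 7, which equals n, accepts the byte from beyond the logical end as a valid continuation byte and reports the buffer as clean; in a real decoder that read lands outside the allocation, which is the shape of the "read access out of bounds" the thread discusses.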
