USN-5688-1: Libksba vulnerability
19 October 2022
Libksba could be made to crash or run programs if it decoded specially crafted data.
Releases
Packages
- libksba - X.509 and CMS support library
Details
It was discovered that an integer overflow could be triggered in Libksba
when decoding certain data. An attacker could use this issue to cause a
denial of service (application crash) or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
-
libksba8
-
1.3.3-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
libksba8
-
1.3.0-3ubuntu0.14.04.2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5688-2: libksba-dev, libksba, libksba-mingw-w64-dev, libksba8