Bug 979906 (CVE-2016-4579) - VUL-0: CVE-2016-4579: libksba: Out-of-bounds read in _ksba_ber_parse_tl
Summary: VUL-0: CVE-2016-4579: libksba: Out-of-bounds read in _ksba_ber_parse_tl
Status: RESOLVED FIXED
Alias: CVE-2016-4579
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Deadline: 2016-05-31
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169009/
Whiteboard: CVSSv2:RedHat:CVE-2016-4579:4.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-13 12:41 UTC by Alexander Bergmann
Modified: 2016-08-30 12:22 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-05-13 12:41:58 UTC 
rh#1335396

A vulnerability was found in libksba. The returned length of the object from _ksba_ber_parse_tl (ti.length) was not always checked against the actual buffer length, thus leading to a read access after the end of the buffer and a crash.

Upstream fix:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

References:

http://seclists.org/oss-sec/2016/q2/304

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1335396
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4579
http://seclists.org/oss-sec/2016/q2/321
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4579.html
Comment 1 Forgotten User l5HDYKT_qR 2016-05-13 13:18:03 UTC 
Fixed by submission for 979261.
Comment 2 Bernhard Wiedemann 2016-05-13 14:00:14 UTC 
This is an autogenerated message for OBS integration:
This bug (979906) was mentioned in
https://build.opensuse.org/request/show/395170 13.2 / libksba
Comment 4 Swamp Workflow Management 2016-05-17 08:58:50 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-05-31.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62760
Comment 5 Swamp Workflow Management 2016-06-07 12:08:20 UTC 
SUSE-SU-2016:1509-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979261,979906
CVE References: CVE-2016-4574,CVE-2016-4579
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libksba-1.0.4-1.25.1
SUSE Linux Enterprise Server 11-SP4 (src):    libksba-1.0.4-1.25.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libksba-1.0.4-1.25.1
Comment 6 Swamp Workflow Management 2016-06-07 12:08:48 UTC 
SUSE-SU-2016:1510-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979261,979906
CVE References: CVE-2016-4574,CVE-2016-4579
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libksba-1.3.0-23.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libksba-1.3.0-23.1
SUSE Linux Enterprise Server 12-SP1 (src):    libksba-1.3.0-23.1
SUSE Linux Enterprise Server 12 (src):    libksba-1.3.0-23.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libksba-1.3.0-23.1
SUSE Linux Enterprise Desktop 12 (src):    libksba-1.3.0-23.1
Comment 7 Swamp Workflow Management 2016-06-08 11:08:03 UTC 
openSUSE-SU-2016:1525-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979261,979906
CVE References: CVE-2016-4574,CVE-2016-4579
Sources used:
openSUSE Leap 42.1 (src):    libksba-1.3.0-7.1
Comment 8 Marcus Meissner 2016-06-16 14:47:00 UTC 
done i think