ArchLinux: 201605-17: libksba: denial of service
Summary
An out-of-bound read access due to incorrect utf-8 strings handling has been in found in the _ksba_dn_to_str() function. This issue is due to an incomplete fix for CVE-2016-4356, caused by an off-by-one error when handling incorrect utf-8 strings.
Resolution
Upgrade to 1.3.4-1.
# pacman -Syu "libksba>=1.3.4-1"
The problem has been fixed upstream in version 1.3.4.
References
https://bugs.archlinux.org/task/49289 https://www.openwall.com/lists/oss-security/2016/05/10/4 https://access.redhat.com/security/cve/CVE-2016-4574
Workaround
None.