Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0530: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-47629: libksba: integer overflow to code execution
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-01-30

Updated:

2023-01-30

RHSA-2023:0530 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libksba security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libksba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS.

Security Fix(es):

  • libksba: integer overflow to code executiona (CVE-2022-47629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2161571 - CVE-2022-47629 libksba: integer overflow to code execution

Red Hat Enterprise Linux Server 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

x86_64

libksba-1.3.0-7.el7_9.i686.rpm

SHA-256: 61fcde886ec81c6c799f251070af34807dfa22a31f3658f4573441fe7c481a28

libksba-1.3.0-7.el7_9.x86_64.rpm

SHA-256: fea397ef53fc04014cd5720bc8866c67e11db4a6608c2f70396f17519117470d

libksba-debuginfo-1.3.0-7.el7_9.i686.rpm

SHA-256: d7cae241c5ae2b68d680776d7ed2ce467d1b4d4da52edfb4ce9e55c8fa93a8eb

libksba-debuginfo-1.3.0-7.el7_9.x86_64.rpm

SHA-256: 9b2c5743cf6704a009a0d49f60170c6dcf1ca82b267d9e325dfa3dec4e566e30

libksba-devel-1.3.0-7.el7_9.i686.rpm

SHA-256: c267ee053a4a5c67511413c7c4005bcbf98ee5d0030befecfb4c0340e30b4540

libksba-devel-1.3.0-7.el7_9.x86_64.rpm

SHA-256: a9cdf02a8d426b6ab29cac1c3e91fe6f69724bb9c16346a3ab5b58f32d49cdb6

Red Hat Enterprise Linux Workstation 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

x86_64

libksba-1.3.0-7.el7_9.i686.rpm

SHA-256: 61fcde886ec81c6c799f251070af34807dfa22a31f3658f4573441fe7c481a28

libksba-1.3.0-7.el7_9.x86_64.rpm

SHA-256: fea397ef53fc04014cd5720bc8866c67e11db4a6608c2f70396f17519117470d

libksba-debuginfo-1.3.0-7.el7_9.i686.rpm

SHA-256: d7cae241c5ae2b68d680776d7ed2ce467d1b4d4da52edfb4ce9e55c8fa93a8eb

libksba-debuginfo-1.3.0-7.el7_9.x86_64.rpm

SHA-256: 9b2c5743cf6704a009a0d49f60170c6dcf1ca82b267d9e325dfa3dec4e566e30

libksba-devel-1.3.0-7.el7_9.i686.rpm

SHA-256: c267ee053a4a5c67511413c7c4005bcbf98ee5d0030befecfb4c0340e30b4540

libksba-devel-1.3.0-7.el7_9.x86_64.rpm

SHA-256: a9cdf02a8d426b6ab29cac1c3e91fe6f69724bb9c16346a3ab5b58f32d49cdb6

Red Hat Enterprise Linux Desktop 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

x86_64

libksba-1.3.0-7.el7_9.i686.rpm

SHA-256: 61fcde886ec81c6c799f251070af34807dfa22a31f3658f4573441fe7c481a28

libksba-1.3.0-7.el7_9.x86_64.rpm

SHA-256: fea397ef53fc04014cd5720bc8866c67e11db4a6608c2f70396f17519117470d

libksba-debuginfo-1.3.0-7.el7_9.i686.rpm

SHA-256: d7cae241c5ae2b68d680776d7ed2ce467d1b4d4da52edfb4ce9e55c8fa93a8eb

libksba-debuginfo-1.3.0-7.el7_9.x86_64.rpm

SHA-256: 9b2c5743cf6704a009a0d49f60170c6dcf1ca82b267d9e325dfa3dec4e566e30

libksba-devel-1.3.0-7.el7_9.i686.rpm

SHA-256: c267ee053a4a5c67511413c7c4005bcbf98ee5d0030befecfb4c0340e30b4540

libksba-devel-1.3.0-7.el7_9.x86_64.rpm

SHA-256: a9cdf02a8d426b6ab29cac1c3e91fe6f69724bb9c16346a3ab5b58f32d49cdb6

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

s390x

libksba-1.3.0-7.el7_9.s390.rpm

SHA-256: 56a607b4747ebf8e07eb0d9ecb22a69b5c234c4a05404467047bd5614ab2b9ed

libksba-1.3.0-7.el7_9.s390x.rpm

SHA-256: faadcbd7c1d1ec84673fd365a919dbf995ac20b04a7a0c4630db2ffc992a3546

libksba-debuginfo-1.3.0-7.el7_9.s390.rpm

SHA-256: 51ceb29911b7fa4358f42e0df36c3345474925f8b06bd9e1f183f2f84ef0ecfe

libksba-debuginfo-1.3.0-7.el7_9.s390x.rpm

SHA-256: 8470070a9db676d3a5bf57592ee4b0b75064ee8905a87b3f4386b0f2c2fba688

libksba-devel-1.3.0-7.el7_9.s390.rpm

SHA-256: 2a52897467cb226b36c4514feaca792997faa846f403a2ffd893608712f0d1a6

libksba-devel-1.3.0-7.el7_9.s390x.rpm

SHA-256: 9497ca0a2918b66fa9250dfda76aa81e8ea237c0f67bb7e97b99dabc341d07da

Red Hat Enterprise Linux for Power, big endian 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

ppc64

libksba-1.3.0-7.el7_9.ppc.rpm

SHA-256: f0c37a740883dad48baa654a06f41ee81080d0c89c04df42cd8a74ed358aee89

libksba-1.3.0-7.el7_9.ppc64.rpm

SHA-256: fb576dff9ec1aee1c4cb36d8765d24016efb51b95766b0fd91142a71e4d902a6

libksba-debuginfo-1.3.0-7.el7_9.ppc.rpm

SHA-256: c217b309248ee4f5ed87e4af80950fb8904e6c1fc0dcd804e780dc9612f923c9

libksba-debuginfo-1.3.0-7.el7_9.ppc64.rpm

SHA-256: 89414af39939a5639d555308b86352aeb9ce20c30ade856b0321ccd9f07279b5

libksba-devel-1.3.0-7.el7_9.ppc.rpm

SHA-256: 41587fa565051a2ce1286664511908ea6e8028eb2f7081e5ae12c8834c3d498a

libksba-devel-1.3.0-7.el7_9.ppc64.rpm

SHA-256: d6b2e4a097212542c5c9f9dc984ed82c13cf26942b9ba781bfcc57d3f9711c1b

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

x86_64

libksba-1.3.0-7.el7_9.i686.rpm

SHA-256: 61fcde886ec81c6c799f251070af34807dfa22a31f3658f4573441fe7c481a28

libksba-1.3.0-7.el7_9.x86_64.rpm

SHA-256: fea397ef53fc04014cd5720bc8866c67e11db4a6608c2f70396f17519117470d

libksba-debuginfo-1.3.0-7.el7_9.i686.rpm

SHA-256: d7cae241c5ae2b68d680776d7ed2ce467d1b4d4da52edfb4ce9e55c8fa93a8eb

libksba-debuginfo-1.3.0-7.el7_9.x86_64.rpm

SHA-256: 9b2c5743cf6704a009a0d49f60170c6dcf1ca82b267d9e325dfa3dec4e566e30

libksba-devel-1.3.0-7.el7_9.i686.rpm

SHA-256: c267ee053a4a5c67511413c7c4005bcbf98ee5d0030befecfb4c0340e30b4540

libksba-devel-1.3.0-7.el7_9.x86_64.rpm

SHA-256: a9cdf02a8d426b6ab29cac1c3e91fe6f69724bb9c16346a3ab5b58f32d49cdb6

Red Hat Enterprise Linux for Power, little endian 7

SRPM

libksba-1.3.0-7.el7_9.src.rpm

SHA-256: b4893bf6bcb745d7fbe86d45fccd4613b3eac2311c2e60103495936085e49d7e

ppc64le

libksba-1.3.0-7.el7_9.ppc64le.rpm

SHA-256: bfe37677302cb5b938f0e03627fe2101bb565b97037e465287c19d382feaa748

libksba-debuginfo-1.3.0-7.el7_9.ppc64le.rpm

SHA-256: 498dd64cb96dc59304d3a61e5a1182fcb33fafaef06fdb6899fd2b512d570104

libksba-devel-1.3.0-7.el7_9.ppc64le.rpm

SHA-256: 2d28e2e6980eca2545cc9c2370310e6aa314890843a87837d681f058b63d360b

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1448: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.2 security update

Red Hat OpenShift Service Mesh Containers for 2.3.2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server t...

RHSA-2023:1286: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update

Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31690: A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system. * CVE-2022-41966: A flaw was found in the xstream package. This flaw allows an atta...

Red Hat Security Advisory 2023-1170-01

Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

Red Hat Security Advisory 2023-1079-01

Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).

RHSA-2023:1079: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update

An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to c...

RHSA-2023:0977: Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0923: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

RHSA-2023:0918: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

RHSA-2023:0778: Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

Red Hat Security Advisory 2023-0770-01

Red Hat Security Advisory 2023-0770-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

RHSA-2023:0859: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update batch#4 (oVirt-4.5.3-4)

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4139: An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer ...

Red Hat Security Advisory 2023-0802-01

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0633-01

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0698: Red Hat Security Advisory: OpenShift Container Platform 4.10.52 security update

Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

Red Hat Security Advisory 2023-0626-01

Red Hat Security Advisory 2023-0626-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0594-01

Red Hat Security Advisory 2023-0594-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

RHSA-2023:0629: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

RHSA-2023:0624: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

RHSA-2023:0626: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

RHSA-2023:0625: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

RHSA-2023:0594: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

RHSA-2023:0592: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system ...

RHSA-2023:0593: Red Hat Security Advisory: libksba security update

An update for libksba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Red Hat Security Advisory 2023-0530-01

Red Hat Security Advisory 2023-0530-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

Ubuntu Security Notice USN-5787-2

Ubuntu Security Notice 5787-2 - USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5787-1

Ubuntu Security Notice 5787-1 - It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

Gentoo Linux Security Advisory 202212-07

Gentoo Linux Security Advisory 202212-7 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.3 are affected.

Debian Security Advisory 5305-1

Debian Linux Security Advisory 5305-1 - An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.

CVE-2022-47629: ⚓ T6284 Another integer overflow in Libksba

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.