It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to DoS. Moreover in libksba 1.3.4, allocated memory is uninitialized and could potentially contain sensitive data left in freed memory block. Public via: http://seclists.org/oss-sec/2016/q3/343
Created libksba tracking bugs for this issue: Affects: fedora-all [bug 1369815]
libksba-1.3.5-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
libksba-1.3.5-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
libksba-1.3.5-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.