A bug was found in libksba, the library used by GnuPG for parsing the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba before 1.6.2 and may be used for remote code execution.
https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
https://dev.gnupg.org/T6230
https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b
https://lwn.net/Articles/911467/
Created libksba tracking bugs for this issue: Affects: fedora-all [bug 2135617]
Upstream Commit: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7088 https://access.redhat.com/errata/RHSA-2022:7088
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7089 https://access.redhat.com/errata/RHSA-2022:7089
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7090 https://access.redhat.com/errata/RHSA-2022:7090
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:7209 https://access.redhat.com/errata/RHSA-2022:7209
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2022:7283 https://access.redhat.com/errata/RHSA-2022:7283
FEDORA-2022-7c13845b0d has been pushed to the Fedora 35 stable repository. If the problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:7927 https://access.redhat.com/errata/RHSA-2022:7927
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:8598 https://access.redhat.com/errata/RHSA-2022:8598
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3515