UbuntuUpdates.org

Package "libp11-kit0"

Name: libp11-kit0

Description:

library for loading and coordinating access to PKCS#11 modules - runtime

Latest version: 0.23.9-2ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: p11-kit
Homepage: http://p11-glue.freedesktop.org/p11-kit.html

Links


Download "libp11-kit0"


Other versions of "libp11-kit0" in Bionic

Repository Area Version
base main 0.23.9-2
security main 0.23.9-2ubuntu0.1

Changelog

Version: 0.23.9-2ubuntu0.1 2021-01-05 19:07:14 UTC

  p11-kit (0.23.9-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflows
    - debian/patches/CVE-2020-29361-1.patch: check for arithmetic overflows
      before allocating in p11-kit/iter.c, p11-kit/lists.c,
      p11-kit/proxy.c, p11-kit/rpc-message.c, p11-kit/rpc-message.h,
      p11-kit/rpc-server.c, trust/index.c.
    - debian/patches/CVE-2020-29361-2.patch: follow-up to arithmetic
      overflow fix in common/compat.c, p11-kit/rpc-message.c.
    - CVE-2020-29361
  * SECURITY UPDATE: heap over-read in the RPC protocol
    - debian/patches/CVE-2020-29362.patch: fix bounds check in
      p11-kit/rpc-message.c.
    - CVE-2020-29362
  * SECURITY UPDATE: heap overflow in RPC protocol
    - debian/patches/CVE-2020-29363.patch: check attribute length against
      buffer size in p11-kit/rpc-message.c.
    - CVE-2020-29363

 -- Marc Deslauriers <email address hidden> Mon, 04 Jan 2021 14:08:12 -0500

CVE-2020-29361 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit li
CVE-2020-29362 An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit s
CVE-2020-29363 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit serve



About   -   Send Feedback to @ubuntu_updates