5.7.1
01.10.2018
Minor Release
No issues for this version
Version 5.7.1¶
- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with RSA keys with
very small moduli. When verifying signatures with such keys, the code patched with the fix
for CVE-2018-16151/2 caused an integer underflow and subsequent heap buffer overflow
that results in a crash of the daemon.
The vulnerability has been registered as CVE-2018-17540.
Please refer to our blog for details.
- This release contains no other changes, please refer to 5.7.0 for other features and fixes.