Project

General

Profile

5.7.1

01.10.2018

Minor Release

No issues for this version

Version 5.7.1

  • Fixes a vulnerability in the gmp plugin triggered by crafted certificates with RSA keys with
    very small moduli. When verifying signatures with such keys, the code patched with the fix
    for CVE-2018-16151/2 caused an integer underflow and subsequent heap buffer overflow
    that results in a crash of the daemon.
    The vulnerability has been registered as CVE-2018-17540.
    Please refer to our blog for details.
  • This release contains no other changes, please refer to 5.7.0 for other features and fixes.