OSG-SEC-2022-10-25 HIGH libksba integer overflow
Dear OSG Security Contacts,
A vulnerability was found in the libksba library, caused by an integer overflow in the CRL parser. The vulnerability is tracked as CVE-2022-3515. KSBA (pronounced Kasbah) is a library that makes X.509 certificates and the CMS (Cryptographic Message Syntax) easily accessible to other applications. Both specifications are building blocks of S/MIME and TLS.
All versions of libksba before 1.6.2 are affected.
WHAT ARE THE VULNERABILITIES:
The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. 
WHAT YOU SHOULD DO:
Update affected systems as patches become available. Fixes are available for RedHat EL7, 8 and 9. All currently supported versions of Ubuntu also have fixes available.
Sites running RHEL should see 
Sites running CentOS should also see 
Sites running Ubuntu should see 
Sites running Scientific Linux should see 
Sites running Debian should see 
Sites running RockyLinux should see 
Sites running Almalinux should see 
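One way to triage a host for this update, shown as an added example that is not part of the original advisory: distribution packages often backport the fix without raising the upstream version number, so the script checks both the 1.6.2 threshold and the package changelog for the CVE id. It assumes an RPM-based host with GNU sort, and that the vendor changelog names the CVE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage libksba for CVE-2022-3515.
FIXED_UPSTREAM="1.6.2"    # first fixed upstream release, per the advisory
CVE_ID="CVE-2022-3515"    # per the advisory

# Return 0 if upstream version $1 is >= 1.6.2 (version-aware comparison).
upstream_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_UPSTREAM" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_UPSTREAM" ]
}

# Return 0 if the changelog text on stdin mentions the CVE.
# Assumption: the vendor records the CVE id in the changelog entry.
changelog_has_fix() {
    grep -q -- "$CVE_ID"
}

# Print "fixed-upstream", "fixed-backport" or "vulnerable".
# $1 = upstream version string, $2 = package changelog text
classify_libksba() {
    if upstream_is_fixed "$1"; then
        echo "fixed-upstream"
    elif printf '%s\n' "$2" | changelog_has_fix; then
        echo "fixed-backport"
    else
        echo "vulnerable"
    fi
}

# Live check on an RPM-based host (RHEL, CentOS, Rocky, Alma, SL).
check_rpm_host() {
    if ! rpm -q libksba >/dev/null 2>&1; then
        echo "not-installed"
        return 0
    fi
    ver=$(rpm -q --qf '%{VERSION}\n' libksba | head -n 1)
    log=$(rpm -q --changelog libksba)
    classify_libksba "$ver" "$log"
}

# Run the live check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_rpm_host
fi
```

A result of "vulnerable" means the installed package is older than 1.6.2 and its changelog does not mention the CVE, so the vendor update should be applied. Processes that already loaded the old library keep using it until they are restarted.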
Please contact the OSG security team at sec[email protected] if you have any questions or concerns.
OSG Security Team