This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in lib/asn1_decoder.c due to integer overflow. A local attacker can submit specially crafted ASN.1 data and gain root privileges.
Update the affected packages
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?