ASA-202101-45 log generated external raw

[ASA-202101-45] libgcrypt: arbitrary code execution
Arch Linux Security Advisory ASA-202101-45 ========================================== Severity: Critical Date : 2021-01-29 CVE-ID : CVE-2021-3345 Package : libgcrypt Type : arbitrary code execution Remote : No Link : Summary ======= The package libgcrypt before version 1.9.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.9.1-1. # pacman -Syu "libgcrypt>=1.9.1-1" The problem has been fixed upstream in version 1.9.1. Workaround ========== None. Description =========== _gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs. The issue is fixed in version 1.9.1. Impact ====== An attacker is able to execute arbitrary code on the affected host before a given signature has been verified. References ==========;a=commitdiff;h=512c0c75276949f13b6373b5c04f7065af750b08