[SECURITY] [DLA 1038-1] libtasn1-3 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1038-1] libtasn1-3 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 24 Jul 2017 22:19:04 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1707242218190.21700@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libtasn1-3
Version        : 2.13-2+deb7u5
CVE ID         : CVE-2017-10790

CVE-2017-10790
     The _asn1_check_identifier function in GNU Libtasn1 through 4.12
     causes a NULL pointer dereference and crash when reading crafted
     input that triggers assignment of a NULL value within an asn1_node
     structure. It may lead to a remote denial of service attack.


For Debian 7 "Wheezy", these problems have been fixed in version
2.13-2+deb7u5.

We recommend that you upgrade your libtasn1-3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZdlY4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH/L4P+wYoMrx4DQO1Us9wtC8HEIun
ollJ+Mkzu5aFA3skoVptnRPCCMeWMI+uORC5jsgkzxRDccLtY5kABkxMMSgyw9Bf
GoPGqTn1e0FHto14Hy6siVU75KHgzfToXQG2axtBExKT/3McypokmVX6SQ3VpuzT
3tq965WDlHO+hhuwVGZDi5hi/MA+C3EP44RSYjj8Hq7HOLz+M+SfG40IsbZ3GTl8
yhZPLQ9U1kMkzZ8m58ebLmJuttKdOo5fXu8KaTUGTHWbdejoenFXPiEcDt+8tzWY
6qPG7TRsKV6qAltQrQYOFDvLQRkzrhQiN1yw6L/AVaV65xOfoNUzVbs1DVTNyRla
b3zoY+etl+x5venRqzVcoJpU00MeQUHY9CEytbcOWbQ4f3MmrHq8gYo8U+pyfk73
YVRkovS20i9ViUaNI+iohBBRAy1KsjnWCYqnWUBEjeZcCOa5iy6+opTZM8hax62K
bBMDp+cYT53p79aYnTtFvwL7O2JXhhCWECHms15rXirQc4t2XRuZlFrJDw9bDIUw
G6mYmMFNK/NvPemVWZJvNCAoGTkUiDY4zBMpsaypLHQd3hw4cDm8geskFKlPk6a2
XLL7OMjo7tAgJwlIdc1ecJlY1FIkJEAAKWp59ETWGw4diRVSyVgolfd7LGVr0Uxe
L0ZwZ47L6rPx4AOxcdjC
=h/AY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1036-1] gsoap security update
Next by Date: [SECURITY] [DLA 1037-1] catdoc security update
Previous by thread: [SECURITY] [DLA 1036-1] gsoap security update
Next by thread: [SECURITY] [DLA 1037-1] catdoc security update
Index(es):
- Date
- Thread