[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 950-1] libtasn1-3 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libtasn1-3
Version        : 2.13-2+deb7u4
CVE ID         : CVE-2017-6891

Secunia Research has discovered multiple vulnerabilities in GnuTLS
libtasn1, which can be exploited by malicious people to compromise
a vulnerable system.

Two errors in the "asn1_find_node()" function (lib/parser_aux.c)
can be exploited to cause a stacked-based buffer overflow.

Successful exploitation of the vulnerabilities allows execution
of arbitrary code but requires tricking a user into processing
a specially crafted assignments file by e.g. asn1Coding utility.


For Debian 7 "Wheezy", this problem has been fixed in version
2.13-2+deb7u4.

We recommend that you upgrade your libtasn1-3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZJJ1vXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHYW0QAKM/5hUUwx1ICOOYbrly07BS
f0vTytCe+9cJCltiawHONTOULni0syTFfTttgWuF+vGrEDbd43mFE8ZEvGGQVE/K
3MhDax0tdiaI/M4535OaVObYB8C0YqBe8NS8PRn6Rhf4DbMifDXN1MBIwS9p4ANk
eGj1GJtI3kc7aDMwqJMboaLCypZTvas7htUjCD9Ot8tS8e6ArMLFmjtQVlON+AB2
dUoYu1kXRvPhx39c7EjOvEMVtM1TlklIt7cTRMAaMZw9GFyUjwxPCtMRkrRzeSme
kBEYDAWqG+Fp2GLUU4orHNBLFS8hhepxVFjPM/zkRfqJ6HAiwECS8/4Bdko+IAwJ
V/a277OcQvFwG6ryJjh8ppvgcy8rn+8Due0hC8Vk60EQqdj3Y1h1EUN5ohWUm7Q+
LLPyl3IBaEpj4gcjiB7/jDIBK8uumXjcC9pqXBGIWz1JTu8vd1CXnSTdSgNzl2O2
l76jIDzpD8Ts1yKqEl3H8ST+N76j4Zx5QNAg6FkK5rkB/lwpHYvpavldHJK1ucjX
1cfXXaGzMHvDhm/cQ4XaDbnCR3c+FYK1k0V/XKX1UD2Vv9w2XZJdz0NBjHMD6X+e
C6Flczt3NgBu6pZsMwXC2xXJ6JrLiSXTrF6tIamG9Ce7LqYB0dxIbTaXGb5tItxK
EYL/iaxPP3tCEW2camvI
=zBHp
-----END PGP SIGNATURE-----


Reply to: