UbuntuUpdates.org

Package "libtasn1-3"

Name: libtasn1-3

Description:

Manage ASN.1 structures (runtime)

Latest version: 2.10-1ubuntu1.6
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.gnu.org/software/libtasn1/

Other versions of "libtasn1-3" in Precise

Repository Area Version
base main 2.10-1ubuntu1
updates main 2.10-1ubuntu1.6

Changelog

Version: 2.10-1ubuntu1.6 2021-05-03 14:07:16 UTC

  libtasn1-3 (2.10-1ubuntu1.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks lib/parser_aux.c.
    - CVE-2017-6891

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Jul 2017 11:23:44 -0300

CVE-2017-6891 Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer

Version: 2.10-1ubuntu1.5 2016-05-02 18:06:40 UTC

  libtasn1-3 (2.10-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: infinite loop via malformed DER cert
    - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
      in lib/decoding.c.
    - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
      lib/decoding.c.
    - CVE-2016-4008

 -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 14:20:41 -0400

CVE-2016-4008 Infinite loops parsing malicious DER certificates

Version: 2.10-1ubuntu1.4 2015-05-12 12:06:24 UTC

  libtasn1-3 (2.10-1ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_extract_der_octet.
    - debian/patches/CVE-2015-3622.patch: properly handle length in
      lib/decoding.c.
    - CVE-2015-3622

 -- Marc Deslauriers <email address hidden> Fri, 01 May 2015 09:46:08 -0400

CVE-2015-3622 Heap overflow / invalid read

Version: 2.10-1ubuntu1.3 2015-04-08 15:06:31 UTC

  libtasn1-3 (2.10-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_ltostr
    - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
      in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
      lib/parser_aux.h.
    - CVE-2015-2806
 -- Marc Deslauriers <email address hidden> Thu, 02 Apr 2015 11:22:00 -0400

CVE-2015-2806 two-byte stack overflow in asn1_der_decoding

Version: 2.10-1ubuntu1.2 2014-07-22 18:06:44 UTC

  libtasn1-3 (2.10-1ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ASN.1 data
    - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
      in lib/decoding.c.
    - CVE-2014-3467
    - CVE-2014-3468
  * SECURITY UPDATE: denial of service via NULL value
    - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
    - CVE-2014-3469
 -- Marc Deslauriers <email address hidden> Fri, 18 Jul 2014 13:36:06 -0400

CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU ...
CVE-2014-3468 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not ...
CVE-2014-3469 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU ...
