UbuntuUpdates.org

Package "libtasn1-6"

Name: libtasn1-6

Description:

Manage ASN.1 structures (runtime)

Latest version: 3.4-3ubuntu0.6
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.gnu.org/software/libtasn1/

Other versions of "libtasn1-6" in Trusty

Repository  Area  Version
base        main  3.4-3
security    main  3.4-3ubuntu0.6

Changelog

Version: 3.4-3ubuntu0.6 2018-01-25 23:06:40 UTC

  libtasn1-6 (3.4-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference and DoS
    - debian/patches/CVE-2017-10790.patch: safer access to values
      read in /lib/parser_aux.c.
    - CVE-2017-10790

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 24 Jan 2018 16:37:09 -0300

CVE-2017-10790 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers

Version: 3.4-3ubuntu0.5 2017-06-05 18:06:47 UTC

  libtasn1-6 (3.4-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks to lib/parser_aux.c.
    - CVE-2017-6891

 -- Marc Deslauriers <email address hidden> Thu, 01 Jun 2017 13:15:06 -0400

CVE-2017-6891 Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer

Version: 3.4-3ubuntu0.4 2016-05-02 20:06:52 UTC

  libtasn1-6 (3.4-3ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop via malformed DER cert
    - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
      in lib/decoding.c.
    - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
      lib/decoding.c.
    - CVE-2016-4008

 -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 14:11:17 -0400

CVE-2016-4008 Infinite loops parsing malicious DER certificates

Version: 3.4-3ubuntu0.3 2015-05-11 16:06:32 UTC

  libtasn1-6 (3.4-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_extract_der_octet.
    - debian/patches/CVE-2015-3622.patch: properly handle length in
      lib/decoding.c.
    - CVE-2015-3622

 -- Marc Deslauriers <email address hidden> Fri, 01 May 2015 09:45:29 -0400

CVE-2015-3622 Heap overflow / invalid read

Version: 3.4-3ubuntu0.2 2015-04-08 16:06:51 UTC

  libtasn1-6 (3.4-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_ltostr
    - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
      in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
      lib/parser_aux.h.
    - CVE-2015-2806

 -- Marc Deslauriers <email address hidden> Thu, 02 Apr 2015 11:12:05 -0400

CVE-2015-2806 two-byte stack overflow in asn1_der_decoding


