UbuntuUpdates.org

Package "libtasn1-6"

Name: libtasn1-6

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • transitional libtasn1-3-bin package
  • Manage ASN.1 structures (binaries)

Latest version: 4.7-3ubuntu0.16.04.3
Release: xenial (16.04)
Level: security
Repository: universe

Other versions of "libtasn1-6" in Xenial

Repository  Area      Version
base        universe  4.7-3
base        main      4.7-3
security    main      4.7-3ubuntu0.16.04.3
updates     universe  4.7-3ubuntu0.16.04.3
updates     main      4.7-3ubuntu0.16.04.3


Changelog

Version: 4.7-3ubuntu0.16.04.3 2018-01-26 06:06:45 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference and DoS
    - debian/patches/CVE-2017-10790.patch: safer access to values
      read in /lib/parser_aux.c.
    - CVE-2017-10790
  * SECURITY UPDATE: Unlimited recursion leading to DoS attack
    - debian/patches/CVE-2018-6003.patch: restricts the levels of
      recursion to 3.
    - CVE-2018-6003

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 24 Jan 2018 18:47:01 -0300

CVE-2017-10790 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers
CVE-2018-6003 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder lea

Version: 4.7-3ubuntu0.16.04.2 2017-06-06 02:06:43 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks to lib/parser_aux.c.
    - CVE-2017-6891

 -- Marc Deslauriers <email address hidden> Thu, 01 Jun 2017 13:14:42 -0400

CVE-2017-6891 Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer

Version: 4.7-3ubuntu0.16.04.1 2016-05-02 19:06:27 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: infinite loop via malformed DER cert
    - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
      in lib/decoding.c.
    - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
      lib/decoding.c.
    - CVE-2016-4008

 -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 11:10:25 -0400

CVE-2016-4008 Infinite loops parsing malicious DER certificates


