UbuntuUpdates.org

Package "libtasn1-bin"

Name: libtasn1-bin

Description:

Manage ASN.1 structures (binaries)

Latest version: 4.7-3ubuntu0.16.04.3
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: libtasn1-6
Homepage: http://www.gnu.org/software/libtasn1/

Other versions of "libtasn1-bin" in Xenial

Repository   Area       Version
base         universe   4.7-3
security     universe   4.7-3ubuntu0.16.04.3

Changelog

Version: 4.7-3ubuntu0.16.04.3 2018-01-25 23:06:44 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference and DoS
    - debian/patches/CVE-2017-10790.patch: safer access to values
      read in /lib/parser_aux.c.
    - CVE-2017-10790
  * SECURITY UPDATE: Unlimited recursion leading to DoS attack
    - debian/patches/CVE-2018-6003.patch: restricts the levels of
      recursion to 3.
    - CVE-2018-6003

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 24 Jan 2018 18:47:01 -0300

CVE-2017-10790 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers
CVE-2018-6003 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder lea

Version: 4.7-3ubuntu0.16.04.2 2017-06-05 18:06:53 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks to lib/parser_aux.c.
    - CVE-2017-6891

 -- Marc Deslauriers <email address hidden> Thu, 01 Jun 2017 13:14:42 -0400

CVE-2017-6891 Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer

Version: 4.7-3ubuntu0.16.04.1 2016-05-02 20:06:56 UTC

  libtasn1-6 (4.7-3ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: infinite loop via malformed DER cert
    - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
      in lib/decoding.c.
    - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
      lib/decoding.c.
    - CVE-2016-4008

 -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 11:10:25 -0400

CVE-2016-4008 Infinite loops parsing malicious DER certificates


