Описание
Security update for libtasn1
libtasn1 has been updated to fix three security issues:
Security Issues:
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP3
Ссылки
- Link for SUSE-SU-2015:0901-1
- E-Mail link for SUSE-SU-2015:0901-1
- SUSE Security Ratings
- SUSE Bug 880735
- SUSE Bug 880737
- SUSE Bug 880738
- SUSE Bug 924828
- SUSE CVE CVE-2014-3467 page
- SUSE CVE CVE-2014-3468 page
- SUSE CVE CVE-2014-3469 page
- SUSE CVE CVE-2015-2806 page
Описание
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
Затронутые продукты
Ссылки
- CVE-2014-3467
- SUSE Bug 880737
- SUSE Bug 880910
Описание
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Затронутые продукты
Ссылки
- CVE-2014-3468
- SUSE Bug 880735
- SUSE Bug 880910
Описание
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
Затронутые продукты
Ссылки
- CVE-2014-3469
- SUSE Bug 880738
- SUSE Bug 880910
Описание
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-2806
- SUSE Bug 924828
- SUSE Bug 929414
- SUSE Bug 961491
- SUSE Bug 969208