Описание
Security update for libtasn1
This update for libtasn1 fixes the following issues:
- Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491)
- CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414)
- CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libtasn1-1.5-1.34.1
libtasn1-3-1.5-1.34.1
libtasn1-3-32bit-1.5-1.34.1
libtasn1-3-x86-1.5-1.34.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libtasn1-1.5-1.34.1
libtasn1-3-1.5-1.34.1
libtasn1-3-32bit-1.5-1.34.1
libtasn1-3-x86-1.5-1.34.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libtasn1-devel-1.5-1.34.1
Ссылки
- Link for SUSE-SU-2016:1600-1
- E-Mail link for SUSE-SU-2016:1600-1
- SUSE Security Ratings
- SUSE Bug 929414
- SUSE Bug 961491
- SUSE Bug 982779
- SUSE CVE CVE-2015-3622 page
- SUSE CVE CVE-2016-4008 page
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libtasn1-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-32bit-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-x86-1.5-1.34.1
Ссылки
- CVE-2015-3622
- SUSE Bug 929414
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libtasn1-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-32bit-1.5-1.34.1
SUSE Linux Enterprise Server 11 SP4:libtasn1-3-x86-1.5-1.34.1
Ссылки
- CVE-2016-4008
- SUSE Bug 982779