Описание
Security update for libtasn1
This update for libtasn1 fixes the following issues:
- Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491)
- CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414)
- CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779)
Список пакетов
SUSE Linux Enterprise Desktop 12
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Desktop 12 SP1
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Server 12
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Server 12 SP1
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Server for SAP Applications 12
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libtasn1-3.7-11.1
libtasn1-6-3.7-11.1
libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Software Development Kit 12
libtasn1-devel-3.7-11.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libtasn1-devel-3.7-11.1
Ссылки
- Link for SUSE-SU-2016:1601-1
- E-Mail link for SUSE-SU-2016:1601-1
- SUSE Security Ratings
- SUSE Bug 929414
- SUSE Bug 961491
- SUSE Bug 982779
- SUSE CVE CVE-2015-3622 page
- SUSE CVE CVE-2016-4008 page
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-3.7-11.1
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-6-3.7-11.1
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Desktop 12:libtasn1-3.7-11.1
Ссылки
- CVE-2015-3622
- SUSE Bug 929414
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-3.7-11.1
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-6-3.7-11.1
SUSE Linux Enterprise Desktop 12 SP1:libtasn1-6-32bit-3.7-11.1
SUSE Linux Enterprise Desktop 12:libtasn1-3.7-11.1
Ссылки
- CVE-2016-4008
- SUSE Bug 982779