Описание
Security update for libtasn1
This update for libtasn1 fixes one issue.
This security issue was fixed:
- CVE-2018-6003: Prevent a stack exhaustion in _asn1_decode_simple_ber (lib/decoding.c) when decoding BER encoded structure allowed for DoS (bsc#1076832).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libtasn1-4.9-3.5.1
libtasn1-6-4.9-3.5.1
libtasn1-6-32bit-4.9-3.5.1
SUSE Linux Enterprise Server 12 SP3
libtasn1-4.9-3.5.1
libtasn1-6-4.9-3.5.1
libtasn1-6-32bit-4.9-3.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libtasn1-4.9-3.5.1
libtasn1-6-4.9-3.5.1
libtasn1-6-32bit-4.9-3.5.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libtasn1-devel-4.9-3.5.1
Ссылки
- Link for SUSE-SU-2018:0295-1
- E-Mail link for SUSE-SU-2018:0295-1
- SUSE Security Ratings
- SUSE Bug 1076832
- SUSE CVE CVE-2018-6003 page
Описание
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.5.1
SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.5.1
SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.5.1
SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.5.1
Ссылки
- CVE-2018-6003
- SUSE Bug 1076832