Описание
Security update for libtasn1
This update for libtasn1 fixes the following issues:
- Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491)
- CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414)
- CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
libtasn1-3.7-12.1
libtasn1-6-3.7-12.1
libtasn1-6-32bit-3.7-12.1
libtasn1-devel-3.7-12.1
libtasn1-devel-32bit-3.7-12.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1674-1
- SUSE Security Ratings
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Затронутые продукты
openSUSE Leap 42.1:libtasn1-3.7-12.1
openSUSE Leap 42.1:libtasn1-6-3.7-12.1
openSUSE Leap 42.1:libtasn1-6-32bit-3.7-12.1
openSUSE Leap 42.1:libtasn1-devel-3.7-12.1
Ссылки
- CVE-2015-3622
- SUSE Bug 929414
Описание
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Затронутые продукты
openSUSE Leap 42.1:libtasn1-3.7-12.1
openSUSE Leap 42.1:libtasn1-6-3.7-12.1
openSUSE Leap 42.1:libtasn1-6-32bit-3.7-12.1
openSUSE Leap 42.1:libtasn1-devel-3.7-12.1
Ссылки
- CVE-2016-4008
- SUSE Bug 982779