openSUSE-SU-2018:0324-1

Опубликовано: 31 янв. 2018

Источник: suse-cvrf

Описание

Security update for libtasn1

This update for libtasn1 fixes one issue.

This security issue was fixed:

CVE-2018-6003: Prevent a stack exhaustion in _asn1_decode_simple_ber (lib/decoding.c) when decoding BER encoded structure allowed for DoS (bsc#1076832).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Список пакетов

openSUSE Leap 42.3

libtasn1-4.9-3.1

libtasn1-6-4.9-3.1

libtasn1-6-32bit-4.9-3.1

libtasn1-devel-4.9-3.1

libtasn1-devel-32bit-4.9-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-01/msg00122.html
E-Mail link for openSUSE-SU-2018:0324-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Затронутые продукты

openSUSE Leap 42.3:libtasn1-4.9-3.1

openSUSE Leap 42.3:libtasn1-6-32bit-4.9-3.1

openSUSE Leap 42.3:libtasn1-6-4.9-3.1

openSUSE Leap 42.3:libtasn1-devel-32bit-4.9-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-6003.html
CVE-2018-6003
https://bugzilla.suse.com/1076832
SUSE Bug 1076832

openSUSE-SU-2018:0324-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-6003

Описание

Затронутые продукты

Ссылки