openSUSE-SU-2019:1498-1

Опубликовано: 03 июн. 2019

Источник: suse-cvrf

Описание

Security update for libtasn1

This update for libtasn1 fixes the following issues:

Security issue fixed:

CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

libtasn1-4.13-lp151.4.3.1

libtasn1-6-4.13-lp151.4.3.1

libtasn1-6-32bit-4.13-lp151.4.3.1

libtasn1-devel-4.13-lp151.4.3.1

libtasn1-devel-32bit-4.13-lp151.4.3.1

openSUSE Leap 15.1

libtasn1-4.13-lp151.4.3.1

libtasn1-6-4.13-lp151.4.3.1

libtasn1-6-32bit-4.13-lp151.4.3.1

libtasn1-devel-4.13-lp151.4.3.1

libtasn1-devel-32bit-4.13-lp151.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P/#TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P
E-Mail link for openSUSE-SU-2019:1498-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1105435
SUSE Bug 1105435
https://www.suse.com/security/cve/CVE-2018-1000654/
SUSE CVE CVE-2018-1000654 page

Описание

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Затронутые продукты

openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1

openSUSE Leap 15.0:libtasn1-6-32bit-4.13-lp151.4.3.1

openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1

openSUSE Leap 15.0:libtasn1-devel-32bit-4.13-lp151.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000654.html
CVE-2018-1000654
https://bugzilla.suse.com/1105435
SUSE Bug 1105435

openSUSE-SU-2019:1498-1

Описание

Список пакетов

openSUSE Leap 15.0

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2018-1000654

Описание

Затронутые продукты

Ссылки