Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1510-1

Опубликовано: 05 июн. 2019
Источник: suse-cvrf

Описание

Security update for libtasn1

This update for libtasn1 fixes the following issues:

Security issues fixed:

  • CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
  • CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Список пакетов

openSUSE Leap 42.3
libtasn1-4.9-6.1
libtasn1-6-4.9-6.1
libtasn1-6-32bit-4.9-6.1
libtasn1-devel-4.9-6.1
libtasn1-devel-32bit-4.9-6.1

Ссылки

Описание

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Затронутые продукты
openSUSE Leap 42.3:libtasn1-4.9-6.1
openSUSE Leap 42.3:libtasn1-6-32bit-4.9-6.1
openSUSE Leap 42.3:libtasn1-6-4.9-6.1
openSUSE Leap 42.3:libtasn1-devel-32bit-4.9-6.1
Ссылки

Описание

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Затронутые продукты
openSUSE Leap 42.3:libtasn1-4.9-6.1
openSUSE Leap 42.3:libtasn1-6-32bit-4.9-6.1
openSUSE Leap 42.3:libtasn1-6-4.9-6.1
openSUSE Leap 42.3:libtasn1-devel-32bit-4.9-6.1
Ссылки