[USN-2294-1] Libtasn1 vulnerabilities
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 22 18:08:22 UTC 2014
==========================================================================
Ubuntu Security Notice USN-2294-1
July 22, 2014
libtasn1-3, libtasn1-6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Libtasn1 could be made to crash or run programs as your login if it
processed specially crafted data.
Software Description:
- libtasn1-6: Library to manage ASN.1 structures
- libtasn1-3: Library to manage ASN.1 structures
Details:
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data
structures. An attacker could exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service. (CVE-2014-3467)
It was discovered that Libtasn1 incorrectly handled negative bit lengths.
An attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2014-3468)
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An
attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service.
(CVE-2014-3469)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libtasn1-6 3.4-3ubuntu0.1
Ubuntu 12.04 LTS:
libtasn1-3 2.10-1ubuntu1.2
Ubuntu 10.04 LTS:
libtasn1-3 2.4-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2294-1
CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.2
https://launchpad.net/ubuntu/+source/libtasn1-3/2.4-1ubuntu0.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140722/2e12ec20/attachment.sig>
More information about the ubuntu-security-announce
mailing list