Arch Linux Security Advisory ASA-201504-3 ======================================== Severity: Low Date : 2015-04-03 CVE-ID : CVE-2015-2806 Package : libtasn1 Type : stack overflow Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ====== The package libtasn1 before version 4.4-1 is vulnerable to a two-byte stack overflow in DER decoding. Resolution ========= Upgrade to 4.4-1. # pacman -Syu "libtasn1>=4.4-1" The problem has been fixed upstream in version 4.4. Workaround ========= None. Description ========== A two-byte stack overflow has been found in the ASN.1 DER decoding logic of libtasn1. Impact ===== An attacker may be able to crash a program using libtasn1 by submitting a crafted X.509 structure to the program. References ========= https://access.redhat.com/security/cve/CVE-2015-2806 https://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149;hp=77068c35a32cc31ba6b3af257921ca90696c7945
ArchLinux: 201504-3: libtasn1: stack overflow
April 3, 2015
Summary
A two-byte stack overflow has been found in the ASN.1 DER decoding logic of libtasn1.
Resolution
Upgrade to 4.4-1.
# pacman -Syu "libtasn1>=4.4-1"
The problem has been fixed upstream in version 4.4.
References
https://access.redhat.com/security/cve/CVE-2015-2806 https://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149;hp=77068c35a32cc31ba6b3af257921ca90696c7945
Severity
Package : libtasn1
Type : stack overflow
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
Workaround
None.
News
HOWTOs
About Us
Powered By
