ArchLinux: 201604-9: libtasn1: denial of service
Summary
Version 4.7 of the libtasn1 library can loop for a long time or indefinitely when it parses DER representations of X.509 certificates, leading to a denial of service. Some of these loops may also increase heap or stack usage, leading to further issues.
Resolution
Upgrade to 4.8-1.
# pacman -Syu "libtasn1>=4.8-1"
The problem has been fixed upstream in version 4.8.
References
https://access.redhat.com/security/cve/CVE-2016-4008
https://bugzilla.redhat.com/show_bug.cgi?id=1325965
Workaround
None.