
Gentoo GLSA 201703-05: Normal Severity Libtasn1 Denial of Service

March 28, 2017
The Gentoo Linux Security Advisory GLSA 201703-05 discloses a vulnerability in libtasn1 that can be exploited by remote attackers to initiate denial of service attacks.
A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition.

Summary

Libtasn1 does not correctly handle certain malformed DER certificates.

Resolution

All Libtasn1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-4.8"

References

[ 1 ] CVE-2016-4008 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4008

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201703-05

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: GNU Libtasn1: Denial of Service
Date: March 28, 2017
Bugs: #579748
ID: 201703-05

Synopsis

A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition.

Background

A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

Affected Packages

    -------------------------------------------------------------------
         Package            /   Vulnerable   /   Unaffected
    -------------------------------------------------------------------
      1  dev-libs/libtasn1        < 4.8            >= 4.8
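
As an added example (not part of the GLSA or of Gentoo's tooling), this POSIX shell check applies the boundary from the table above to package strings in the form printed by `qlist -Iv dev-libs/libtasn1`. The hostnames and inventory are constructed, and the function names `ver_lt`, `classify` and `audit` are hypothetical.

```sh
#!/bin/sh
# Added example (not part of the GLSA): classify installed libtasn1 versions
# against the advisory's boundary: vulnerable < 4.8, unaffected >= 4.8.
FIXED="4.8"

# ver_lt A B: true if dotted numeric version A is strictly lower than B.
# Components are compared as integers, so 4.10 is correctly newer than 4.8.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify ATOM: print vulnerable, unaffected or unknown for a string such as
# "dev-libs/libtasn1-4.5-r1". The -rN revision is ignored; versions carrying a
# _suffix (e.g. _rc1) are reported as unknown for manual review.
classify() {
    v=$(printf '%s\n' "$1" |
        sed -n 's|^dev-libs/libtasn1-\([0-9][0-9.]*\).*$|\1|p')
    case $1 in *_*) v= ;; esac
    if [ -z "$v" ]; then echo unknown
    elif ver_lt "$v" "$FIXED"; then echo vulnerable
    else echo unaffected
    fi
}

# audit: read "host atom" pairs on stdin and append the verdict to each line.
audit() {
    while read -r host atom; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$atom" "$(classify "$atom")"
    done
}

# Constructed inventory; hostnames and installed versions are made up.
audit <<'EOF'
web01 dev-libs/libtasn1-4.5-r1
web02 dev-libs/libtasn1-4.8
ca01 dev-libs/libtasn1-4.10
build01 dev-libs/libtasn1-3.9
EOF
```

A plain string comparison would rank 4.10 below 4.8 and report a fixed host as vulnerable, which is why the components are compared as integers.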

Impact

A remote attacker could entice a user or automated system to process a specially crafted certificate using Libtasn1, resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.
