Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 14.10: 2559-1 Critical: libtasn1 Denial Of Service

ubuntu
Calendar Grey April 8, 2015
Dist Ubuntu Esm H88
Patch issued for Ubuntu versions 14.10, 14.04, 12.04, and 10.04 LTS addressing a libtasn1 security flaw that may result in system instability.
Libtasn1 could be made to crash or run programs if it processed specially crafted data.

Summary

Libtasn1 could be made to crash or run programs if it processed specially

crafted data.

Software Description:

- libtasn1-6: Library to manage ASN.1 structures

- libtasn1-3: Library to manage ASN.1 structures

Details:

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data.

A remote attacker could possibly exploit this with specially crafted ASN.1

data and cause applications using Libtasn1 to crash, resulting in a denial

of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libtasn1-6                      4.0-2ubuntu0.1

Ubuntu 14.04 LTS:
  libtasn1-6                      3.4-3ubuntu0.2

Ubuntu 12.04 LTS:
  libtasn1-3                      2.10-1ubuntu1.3

Ubuntu 10.04 LTS:
  libtasn1-3                      2.4-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2559-1

CVE-2015-2806

Severity
critical
Lowest
Low
Medium
High
Critical

April 08, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.