Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

Ubuntu: 3309-1 Critical Security Risk in Libtasn1 Code Execution

ubuntu
Calendar Grey June 5, 2017
Dist Ubuntu Esm H88
A vulnerability in Libtasn1 may enable hackers to cause system instability or run malicious code on Ubuntu when specific files are opened. It's crucial to apply security updates.
Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

Libtasn1 could be made to crash or run programs as your login if it opened

a specially crafted file.

Software Description:

- libtasn1-6: Library to manage ASN.1 structures

Details:

Jakub Jirasek discovered that GnuTLS incorrectly handled certain

assignments files. If a user were tricked into processing a specially

crafted assignments file, a remote attacker could possibly execute arbirary

code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libtasn1-6                      4.10-1ubuntu0.1

Ubuntu 16.10:
  libtasn1-6                      4.9-4ubuntu0.1

Ubuntu 16.04 LTS:
  libtasn1-6                      4.7-3ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  libtasn1-6                      3.4-3ubuntu0.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3309-1

CVE-2017-6891

Severity
critical
Lowest
Low
Medium
High
Critical

June 05, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.