Date: Fri, 08 May 2015 10:53:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:232 ] libtasn1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:232
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libtasn1
 Date    : May 8, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libtasn1 packages fix a security vulnerability:
 
 A malformed certificate input could cause a heap overflow read in the
 DER decoding functions of libtasn1. The heap overflow happens in the
 function _asn1_extract_der_octet() (CVE-2015-3622).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
 http://advisories.mageia.org/MGASA-2015-0200.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 4bc7773a89eaf2b4a604b109a92d075f  mbs1/x86_64/lib64tasn1_6-3.6-1.5.mbs1.x86_64.rpm
 930100232484cf13e36dfac29fa17357  mbs1/x86_64/lib64tasn1-devel-3.6-1.5.mbs1.x86_64.rpm
 5bd5f7ea2ffd134e87bca1b91d49c6d3  mbs1/x86_64/libtasn1-tools-3.6-1.5.mbs1.x86_64.rpm 
 6cfc88e6b24f8297ce5a7bc7d6d035e8  mbs1/SRPMS/libtasn1-3.6-1.5.mbs1.src.rpm

 Mandriva Business Server 2/X86_64:
 b5a3ffa1c79eb3aad4895d4b99ed59e2  mbs2/x86_64/lib64tasn1_6-3.6-1.2.mbs2.x86_64.rpm
 f16c5434df06bcc5c4528ef85bca229c  mbs2/x86_64/lib64tasn1-devel-3.6-1.2.mbs2.x86_64.rpm
 6778a6b9107dc7617641527c58f4e3fb  mbs2/x86_64/libtasn1-tools-3.6-1.2.mbs2.x86_64.rpm 
 16d66ba91bb3f49c24db63704610cffd  mbs2/SRPMS/libtasn1-3.6-1.2.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVTGttmqjQ0CJFipgRApHWAKDb3T0wA/bzK5wK8/1W+1jKH512iQCg3DVH
KhQCzIL9r1wW18TmNIpg9l8=
=5Y0W
-----END PGP SIGNATURE-----
