| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Mar 2012 23:22:54 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: debian-security-announce@...ts.debian.org Subject: [SECURITY] [DSA 2440-1] libtasn1-3 security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2440-1 security@...ian.org http://www.debian.org/security/ Florian Weimer March 24, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libtasn1-3 Vulnerability : missing bounds check Problem type : remote Debian-specific: no CVE ID : CVE-2012-1569 Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue. For the stable distribution (squeeze), this problem has been fixed in version 2.7-1+squeeze+1. For the unstable distribution (sid), this problem has been fixed in version 2.12-1. We recommend that you upgrade your libtasn1-3 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJPbk3rAAoJEL97/wQC1SS+M3cH/0Paiu9LKPgbcbSOi3Mv26bx lofgEYo57A0EoaVx5nPBBM+3kyTSFdL2xjDWDdXseM7m53N8prH32jQOW4vy+ip+ zUHgXc2+wINjRQs9ywl+FONYbOdvyI3JD4r+EGWfjVPdaCixrW5GWphtmv97ZHuG o8ZxYfU6F1eqH0R9fjHqaDiZXcjq1Vn7QvJpq12Jz8iLBl2fsR0t//uB5xZr/0xN uDYHPPKHKTW+BVtRKlt2A7nYDcevQP0Qj038I/IP+zynC3LgMW8caCsK6UGUe1E9 fw8GcOHMc/bHhbbfodzmgRD4KWoy8c5FbdqzNEHJsvEJiOuusR/J6zIT1pIFQ8c= =hQt8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists