| Summary: | <dev-libs/libtasn1-4.5: invalid memory access (CVE-2015-3622) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | alonbl, crypto+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/04/30/3 | | |
| Whiteboard: | A2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 544922 | | |

Description
Agostino Sarubbo
2015-04-30 13:42:32 UTC
can be stabilized, please resolve/dup bug#544922 to avoid duplication.

Arches please stabilize:
=dev-libs/libtasn1-4.5
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for PPC64.

Stable for HPPA.

amd64 stable

ia64 stable

sparc stable

ppc stable

x86 stable

alpha stable

arm stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

(In reply to Agostino Sarubbo from comment #11)
> arm stable.
>
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.

done

Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

CVE-2015-3622 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3622): The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

This issue was resolved and addressed in GLSA 201509-04 at https://security.gentoo.org/glsa/201509-04 by GLSA coordinator Kristian Fiskerstrand (K_F).