
Bug 511536 (CVE-2014-3467)

Summary: <dev-libs/libtasn1-3.6: Multiple vulnerabilities (CVE-2014-{3467,3468,3469})
Product: Gentoo Security
Reporter: Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: alonbl, crypto+disabled, k_f
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-05-26 11:54:42 UTC
* Noteworthy changes in release 3.5 (released 2014-05-01)
- Correctly handle decoding of recursive CHOICE options.
- Allow deleting elements of SET OF. Patch by Jean-Louis Thekekara.
- Several small bug fixes found by coverity.
- Code improvements contributed by Kurt Roeckx.

* Noteworthy changes in release 3.6 (released 2014-05-25) [stable]
- Corrected an off-by-one error in ASN.1 DER tag decoding.
- Several improvements and new safety checks on DER decoding;
  issues found using Codenomicon TLS test suite.
- Marked asn1_der_decoding_element() as deprecated. Use
  asn1_der_decoding() instead.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-05-30 18:25:27 UTC
Related CVEs for this version: 
CVE-2014-3467 libtasn1: multiple boundary check issues 
CVE-2014-3468 libtasn1: asn1_get_bit_der() can return negative bit length
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-05-30 18:29:55 UTC
And also CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference

See also: 
https://bugzilla.redhat.com/show_bug.cgi?id=1102022
https://bugzilla.redhat.com/show_bug.cgi?id=1102323
https://bugzilla.redhat.com/show_bug.cgi?id=1102329
Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev 2014-06-07 18:40:52 UTC
libtasn1-3.6 in tree.
thanks!
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-06-12 13:53:09 UTC
Maintainers, please advise when eBuilds have had enough testing, and are ready for stabilization.
Comment 5 Alon Bar-Lev (RETIRED) gentoo-dev 2014-06-12 17:35:04 UTC
(In reply to Yury German from comment #4)
> Maintainers, please advise when eBuilds have had enough testing, and are
> ready for stabilization.

no problems reported so far, so I think we can progress.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-12 20:40:18 UTC
Thanks, 

Arches please stabilize:

=dev-libs/libtasn1-3.6

Targets: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-06-12 21:37:02 UTC
amd64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2014-06-13 20:05:02 UTC
Stable for HPPA.
Comment 9 Markus Meier gentoo-dev 2014-06-15 10:18:38 UTC
arm stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2014-06-17 10:47:53 UTC
Stable on alpha.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-06-18 18:28:14 UTC
CVE-2014-3469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3469):
  The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU
  Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of
  service (NULL pointer dereference and crash) via a NULL value in an ivalue
  argument.

CVE-2014-3468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3468):
  The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly
  report an error when a negative bit length is identified, which allows
  context-dependent attackers to cause out-of-bounds access via crafted ASN.1
  data.

CVE-2014-3467 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3467):
  Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1
  before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of
  service (out-of-bounds read) via crafted ASN.1 data.
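
An added example, not part of this bug report and not libtasn1's own code: a small DER BIT STRING decoder showing the kind of check CVE-2014-3468 is about, where the bit length is rejected instead of going negative. The function names, the short-form-length restriction and the sample bytes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; an illustration, not libtasn1 source code. */
enum { BITSTR_OK = 0, BITSTR_ERR = -1 };

/* Unchecked arithmetic, for contrast: trusts both octets from the input. */
int bitlen_unchecked(const unsigned char *der)
{
    return ((int)der[0] - 1) * 8 - (int)der[1];
}

/* Decode a DER BIT STRING body: [length][unused-bit count][data octets...].
 * der points at the length octet; only short-form lengths are handled. */
int bitstr_decode(const unsigned char *der, size_t der_len,
                  unsigned char *out, size_t out_size, int *bit_len)
{
    if (!der || !out || !bit_len || der_len < 2)
        return BITSTR_ERR;
    size_t content_len = der[0];
    if (content_len & 0x80)                 /* long form: outside this example */
        return BITSTR_ERR;
    if (content_len < 1 || content_len > der_len - 1)
        return BITSTR_ERR;                  /* content must fit inside the buffer */
    unsigned unused = der[1];
    size_t data_len = content_len - 1;
    if (unused > 7)                         /* X.690 allows 0..7 unused bits */
        return BITSTR_ERR;
    if (data_len == 0 && unused != 0)       /* bit length would go negative */
        return BITSTR_ERR;
    if (data_len > out_size)
        return BITSTR_ERR;
    memcpy(out, der + 2, data_len);
    *bit_len = (int)(data_len * 8) - (int)unused;
    return BITSTR_OK;
}

int main(void)
{
    /* Constructed samples: a valid 12-bit string and a malformed one. */
    const unsigned char good[] = { 0x03, 0x04, 0xAB, 0xC0 };
    const unsigned char bad[]  = { 0x01, 0x05 };
    unsigned char out[8];
    int bits = 0;
    int rc = bitstr_decode(good, sizeof good, out, sizeof out, &bits);
    printf("good: rc=%d bits=%d\n", rc, bits);
    printf("bad:  unchecked=%d checked rc=%d\n", bitlen_unchecked(bad),
           bitstr_decode(bad, sizeof bad, out, sizeof out, &bits));
    return 0;
}
```

A caller that sizes a copy or a loop from the unchecked value would be working with a negative length, which is why the decoder has to report an error rather than return it.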
Comment 12 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-06-23 15:23:22 UTC
x86 stable
Comment 13 Agostino Sarubbo gentoo-dev 2014-07-05 12:41:01 UTC
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2014-07-05 12:51:29 UTC
ppc64 stable
Comment 15 Agostino Sarubbo gentoo-dev 2014-07-05 12:54:28 UTC
ppc stable
Comment 16 Agostino Sarubbo gentoo-dev 2014-07-05 12:56:10 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 17 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 17:14:45 UTC
We already have a GLSA draft for this. Cleanup done by alonbl.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2014-08-29 10:01:30 UTC
This issue was resolved and addressed in
 GLSA 201408-09 at http://security.gentoo.org/glsa/glsa-201408-09.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).