Summary: | <dev-libs/libtasn1-4.13: CVE-2018-6003: stack overflow due to unbounded recursion/DOS | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | alonbl, crypto+disabled |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | =dev-libs/libtasn1-4.13 | | |
Runtime testing required: | No | | |
Description
Ian Zimmerman
2018-02-08 16:35:26 UTC
CVE ID: CVE-2018-6003

Summary: An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

@Maintainers 4.13 in tree, please call for stabilization when ready.

@arches, please stabilize.

ia64 stable

amd64 stable

arm64 stable

x86 stable

ppc64 stable

Stable on alpha.

ppc stable

arm stable

@hppa?

hppa stable

GLSA Vote: No

@maintainer(s), please clean the vulnerable versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77661f3bd26696bd9f99671369a67fb56a445c5

commit c77661f3bd26696bd9f99671369a67fb56a445c5
Author: Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2018-04-22 21:14:27 +0000
Commit: Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2018-04-22 21:15:19 +0000

dev-libs/libtasn1: cleanup

Bug: https://bugs.gentoo.org/show_bug.cgi?id=647012
Package-Manager: Portage-2.3.24, Repoman-2.3.6

dev-libs/libtasn1/Manifest | 1 -
.../files/libtasn1-4.12-CVE-2017-10790.patch | 55 ----------------------
dev-libs/libtasn1/libtasn1-4.12-r1.ebuild | 50 --------------------
3 files changed, 106 deletions(-)}

(In reply to Larry the Git Cow from comment #14)
> The bug has been referenced in the following commit(s):
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=c77661f3bd26696bd9f99671369a67fb56a445c5
>
> commit c77661f3bd26696bd9f99671369a67fb56a445c5
> Author: Alon Bar-Lev <alonbl@gentoo.org>
> AuthorDate: 2018-04-22 21:14:27 +0000
> Commit: Alon Bar-Lev <alonbl@gentoo.org>
> CommitDate: 2018-04-22 21:15:19 +0000
>
> dev-libs/libtasn1: cleanup
>
> Bug: https://bugs.gentoo.org/show_bug.cgi?id=647012
> Package-Manager: Portage-2.3.24, Repoman-2.3.6
>
> dev-libs/libtasn1/Manifest | 1 -
> .../files/libtasn1-4.12-CVE-2017-10790.patch | 55
> ----------------------
> dev-libs/libtasn1/libtasn1-4.12-r1.ebuild | 50 --------------------
> 3 files changed, 106 deletions(-)}

Thanks, Alon!
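The failure class named in the CVE summary above (unbounded recursion in a BER decoder), shown as an added C sketch that is not libtasn1's code or its fix: a minimal BER walker that refuses to nest deeper than a fixed bound. The names `ber_walk`, `walk_nested` and `MAX_DEPTH`, the cap of 32, and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_DEPTH 32 /* assumed cap for this sketch, not a libtasn1 constant */

/* Walk one BER TLV in p[0..n); return bytes consumed, or -1 if malformed or nested too deep. */
static long ber_walk(const uint8_t *p, size_t n, int depth)
{
    if (depth >= MAX_DEPTH || n < 2) return -1;   /* the recursion bound */
    if ((p[0] & 0x1f) == 0x1f) return -1;         /* multi-byte tags not handled here */
    int constructed = p[0] & 0x20;
    size_t hdr = 2, len = p[1];
    if (len == 0x80) { /* indefinite length: children until the 00 00 end marker */
        if (!constructed) return -1;
        for (size_t off = hdr;;) {
            if (n - off >= 2 && p[off] == 0 && p[off + 1] == 0) return (long)(off + 2);
            long c = ber_walk(p + off, n - off, depth + 1); /* fails if under 2 bytes remain */
            if (c < 0) return -1;
            off += (size_t)c;
        }
    }
    if (len & 0x80) { /* long form: the next k bytes hold the length */
        size_t k = len & 0x7f;
        if (k > sizeof(size_t) || n - 2 < k) return -1;
        for (len = 0; hdr < 2 + k; hdr++) len = (len << 8) | p[hdr];
    }
    if (len > n - hdr) return -1; /* declared length runs past the buffer */
    for (size_t off = 0; constructed && off < len;) {
        long c = ber_walk(p + hdr + off, len - off, depth + 1);
        if (c < 0) return -1;
        off += (size_t)c;
    }
    return (long)(hdr + len);
}

/* Constructed sample: `levels` nested indefinite-length elements, then their end markers. */
static long walk_nested(size_t levels)
{
    uint8_t *buf = calloc(4 * levels + 1, 1);
    if (!buf) return -2;
    for (size_t i = 0; i < levels; i++) { buf[2 * i] = 0x24; buf[2 * i + 1] = 0x80; }
    long r = ber_walk(buf, 4 * levels, 0);
    free(buf);
    return r;
}

int main(void)
{
    printf("32 levels: %ld, 100000 levels: %ld\n", walk_nested(32), walk_nested(100000));
}
```

Without the `depth >= MAX_DEPTH` check, each two-byte header in the input costs one stack frame, so input size alone decides how deep the walker recurses.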