Bug 511536 (CVE-2014-3467) - <dev-libs/libtasn1-3.6: Multiple vulnerabilities (CVE-2014-{3467,3468,3469})
Status: RESOLVED FIXED
Alias: CVE-2014-3467
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://lists.gnu.org/archive/html/hel...
Whiteboard: A3 [glsa]
Reported: 2014-05-26 11:54 UTC by Lars Wendler (Polynomial-C)
Modified: 2014-08-29 10:01 UTC

Description Lars Wendler (Polynomial-C) gentoo-dev 2014-05-26 11:54:42 UTC
* Noteworthy changes in release 3.5 (released 2014-05-01)
- Correctly handle decoding of recursive CHOICE options.
- Allow deleting elements of SET OF. Patch by Jean-Louis Thekekara.
- Several small bug fixes found by coverity.
- Code improvements contributed by Kurt Roeckx.

* Noteworthy changes in release 3.6 (released 2014-05-25) [stable]
- Corrected an off-by-one error in ASN.1 DER tag decoding.
- Several improvements and new safety checks on DER decoding;
  issues found using Codenomicon TLS test suite.
- Marked asn1_der_decoding_element() as deprecated. Use
  asn1_der_decoding() instead.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2014-05-30 18:25:27 UTC
Related CVEs for this version: 
CVE-2014-3467 libtasn1: multiple boundary check issues 
CVE-2014-3468 libtasn1: asn1_get_bit_der() can return negative bit length
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2014-05-30 18:29:55 UTC
And also CVE-2014-3469 libtasn1: asn1_read_value_type() NULL pointer dereference

See also: 
https://bugzilla.redhat.com/show_bug.cgi?id=1102022
https://bugzilla.redhat.com/show_bug.cgi?id=1102323
https://bugzilla.redhat.com/show_bug.cgi?id=1102329
Comment 3 Alon Bar-Lev gentoo-dev 2014-06-07 18:40:52 UTC
libtasn1-3.6 in tree.
thanks!
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-12 13:53:09 UTC
Maintainers, please advise when eBuilds have had enough testing, and are ready for stabilization.
Comment 5 Alon Bar-Lev gentoo-dev 2014-06-12 17:35:04 UTC
(In reply to Yury German from comment #4)
> Maintainers, please advise when eBuilds have had enough testing, and are
> ready for stabilization.

no problems reported so far, so I think we can progress.
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2014-06-12 20:40:18 UTC
Thanks, 

Arches please stabilize:

=dev-libs/libtasn1-3.6

Targets: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-06-12 21:37:02 UTC
amd64 stable
Comment 8 Jeroen Roovers gentoo-dev 2014-06-13 20:05:02 UTC
Stable for HPPA.
Comment 9 Markus Meier gentoo-dev 2014-06-15 10:18:38 UTC
arm stable
Comment 10 Tobias Klausmann gentoo-dev 2014-06-17 10:47:53 UTC
Stable on alpha.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-06-18 18:28:14 UTC
CVE-2014-3469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3469):
  The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU
  Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of
  service (NULL pointer dereference and crash) via a NULL value in an ivalue
  argument.

CVE-2014-3468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3468):
  The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly
  report an error when a negative bit length is identified, which allows
  context-dependent attackers to cause out-of-bounds access via crafted ASN.1
  data.

CVE-2014-3467 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3467):
  Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1
  before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of
  service (out-of-bounds read) via a crafted ASN.1 data.
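
Added illustration for the CVE-2014-3468 entry above (not part of the bug report and not libtasn1's code): in DER, a BIT STRING's bit length is 8 times the number of data octets minus the value of the leading unused-bits octet, so crafted input can make it negative unless the decoder rejects it. The function names and the test byte strings are hypothetical and constructed for this sketch.

```c
#include <stddef.h>

/* Hypothetical helper (not libtasn1's API): parse a DER length field.
   Returns the content length, or -1 if malformed or truncated;
   *len_len receives the number of octets the length field occupies. */
static long der_length(const unsigned char *p, size_t avail, size_t *len_len)
{
    if (avail < 1) return -1;
    if (p[0] < 0x80) { *len_len = 1; return p[0]; }   /* short form */
    size_t n = p[0] & 0x7f;                           /* long form: n length octets */
    if (n == 0 || n > 3 || n + 1 > avail) return -1;  /* indefinite, oversized, truncated */
    long v = 0;
    for (size_t i = 1; i <= n; i++) v = (v << 8) | p[i];
    *len_len = n + 1;
    return v;
}

/* Parse the body of a BIT STRING (the bytes that follow the tag octet).
   Returns the number of significant bits (>= 0), or -1 on any error.
   If bits is non-NULL it receives a pointer to the first data octet. */
long bitstring_bit_len(const unsigned char *der, size_t der_len,
                       const unsigned char **bits)
{
    size_t len_len;
    long content = der_length(der, der_len, &len_len);

    if (content < 1) return -1;                 /* must hold the unused-bits octet */
    if ((size_t)content > der_len - len_len)    /* declared length overruns buffer */
        return -1;

    unsigned unused = der[len_len];
    long data_octets = content - 1;

    if (unused > 7) return -1;                  /* DER permits 0..7 only */
    if (data_octets == 0 && unused != 0)        /* would yield a negative length */
        return -1;

    if (bits) *bits = der + len_len + 1;
    return data_octets * 8 - (long)unused;      /* non-negative after the checks */
}
```

A caller that treats any negative return as a decoding error never passes a negative bit count on to later copy or index operations.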
Comment 12 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-06-23 15:23:22 UTC
x86 stable
Comment 13 Agostino Sarubbo gentoo-dev 2014-07-05 12:41:01 UTC
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2014-07-05 12:51:29 UTC
ppc64 stable
Comment 15 Agostino Sarubbo gentoo-dev 2014-07-05 12:54:28 UTC
ppc stable
Comment 16 Agostino Sarubbo gentoo-dev 2014-07-05 12:56:10 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 17 Kristian Fiskerstrand gentoo-dev Security 2014-08-26 17:14:45 UTC
We already have a GLSA draft for this. Cleanup done by alonbl.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2014-08-29 10:01:30 UTC
This issue was resolved and addressed in
 GLSA 201408-09 at http://security.gentoo.org/glsa/glsa-201408-09.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).