This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8591833405714391061==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc
Content-Type: multipart/mixed; boundary="qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne";
protected-headers="v1"
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: "ubuntu-security-announce@lists.ubuntu.com"
Message-ID:
Subject: [USN-3309-1] Libtasn1 vulnerability
--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-3309-1
June 05, 2017
libtasn1-6 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Libtasn1 could be made to crash or run programs as your login if it opened
a specially crafted file.
Software Description:
- libtasn1-6: Library to manage ASN.1 structures
Details:
Jakub Jirasek discovered that GnuTLS incorrectly handled certain
assignments files. If a user were tricked into processing a specially
crafted assignments file, a remote attacker could possibly execute arbirary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libtasn1-6 4.10-1ubuntu0.1
Ubuntu 16.10:
libtasn1-6 4.9-4ubuntu0.1
Ubuntu 16.04 LTS:
libtasn1-6 4.7-3ubuntu0.16.04.2
Ubuntu 14.04 LTS:
libtasn1-6 3.4-3ubuntu0.5
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3309-1
CVE-2017-6891
Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/4.10-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-6/4.9-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-6/4.7-3ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.5
--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne--
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJZNZE9AAoJEGVp2FWnRL6TWDoP/jwbKmS6wiuelTXuchnvikVw
1MbqB8rgogkAJN8u9EhHfXgMrH3fBu+qe8mvehz27Yp6lzmpmAi6K4OqlocJvSUy
4qKBP+qovlkzX4c8jrQfPsUhsEC0e5CmLSdhxcSfnLyu3mNNK2LBj4NMczIMiM/g
34PtuAwfRjbAwBEYl2m/eOJVe1MtENMqe0BqjIkjtAkcSU2iLg9XXdd25AU4EDIj
aTFZS2I2TUT7yeYElSRJnj116+6/ITfvuIR/O+U+idtpEo7rSecX7BmH2N/yA3KT
I3rJT4zwiDLsspySqI064qPn0Rbt4EYJHWou6GqTTvkyD1+ynELoeKwGV1KktVlk
JSwcjF7JKnpgu5RN7VIj8oC3fsMzpFU/6W7uP6Fgdnxd5W+rbQo7b+NeWgLZDy6P
/0G3eyRVOyM+mBT2ugVly4DeRyHrQNtMX+azPUXTypnYMoxeJeJvZhpv8lzSd3V+
eKTlhb6Ek4OJ41ASy86o3/4uCcWa8JQxdqEeSgzqGEpMi9vhYk85J97/fclthteo
/GIEXPPhjOSAXkhbd/EsQ0o+OaE2qinnmqDfc57ECWiXYwV2tc1jIpCk3koX4gdt
gaxiNHASTnkOjXuP9LvTameNCy7qDRd48n+wFqEL0ebwrDP+mfRXAEbVwMdlCHg9
u5lZts1Z5OOD+BcMFBsk
=QHP2
-----END PGP SIGNATURE-----
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc--
--===============8591833405714391061==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8591833405714391061==--
|