Sicherheit: Denial of Service in Libtasn1

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8591833405714391061==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc
Content-Type: multipart/mixed;
boundary="qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <a950f685-d463-06d4-3d40-c6edc120e89e@canonical.com>
Subject: [USN-3309-1] Libtasn1 vulnerability

--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3309-1
June 05, 2017

libtasn1-6 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Libtasn1 could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
- libtasn1-6: Library to manage ASN.1 structures

Details:

Jakub Jirasek discovered that GnuTLS incorrectly handled certain
assignments files. If a user were tricked into processing a specially
crafted assignments file, a remote attacker could possibly execute arbirary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libtasn1-6 4.10-1ubuntu0.1

Ubuntu 16.10:
libtasn1-6 4.9-4ubuntu0.1

Ubuntu 16.04 LTS:
libtasn1-6 4.7-3ubuntu0.16.04.2

Ubuntu 14.04 LTS:
libtasn1-6 3.4-3ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3309-1
CVE-2017-6891

Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/4.10-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-6/4.9-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-6/4.7-3ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.5

--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne--

--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZNZE9AAoJEGVp2FWnRL6TWDoP/jwbKmS6wiuelTXuchnvikVw
1MbqB8rgogkAJN8u9EhHfXgMrH3fBu+qe8mvehz27Yp6lzmpmAi6K4OqlocJvSUy
4qKBP+qovlkzX4c8jrQfPsUhsEC0e5CmLSdhxcSfnLyu3mNNK2LBj4NMczIMiM/g
34PtuAwfRjbAwBEYl2m/eOJVe1MtENMqe0BqjIkjtAkcSU2iLg9XXdd25AU4EDIj
aTFZS2I2TUT7yeYElSRJnj116+6/ITfvuIR/O+U+idtpEo7rSecX7BmH2N/yA3KT
I3rJT4zwiDLsspySqI064qPn0Rbt4EYJHWou6GqTTvkyD1+ynELoeKwGV1KktVlk
JSwcjF7JKnpgu5RN7VIj8oC3fsMzpFU/6W7uP6Fgdnxd5W+rbQo7b+NeWgLZDy6P
/0G3eyRVOyM+mBT2ugVly4DeRyHrQNtMX+azPUXTypnYMoxeJeJvZhpv8lzSd3V+
eKTlhb6Ek4OJ41ASy86o3/4uCcWa8JQxdqEeSgzqGEpMi9vhYk85J97/fclthteo
/GIEXPPhjOSAXkhbd/EsQ0o+OaE2qinnmqDfc57ECWiXYwV2tc1jIpCk3koX4gdt
gaxiNHASTnkOjXuP9LvTameNCy7qDRd48n+wFqEL0ebwrDP+mfRXAEbVwMdlCHg9
u5lZts1Z5OOD+BcMFBsk
=QHP2
-----END PGP SIGNATURE-----

--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc--

--===============8591833405714391061==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8591833405714391061==--