drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Libtasn1
Name: |
Denial of Service in Libtasn1 |
|
ID: |
USN-3309-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Mo, 5. Juni 2017, 23:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891 |
|
Applikationen: |
GNU Libtasn1 |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8591833405714391061== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc Content-Type: multipart/mixed; boundary="qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <a950f685-d463-06d4-3d40-c6edc120e89e@canonical.com> Subject: [USN-3309-1] Libtasn1 vulnerability
--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3309-1 June 05, 2017
libtasn1-6 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - libtasn1-6: Library to manage ASN.1 structures
Details:
Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libtasn1-6 4.10-1ubuntu0.1
Ubuntu 16.10: libtasn1-6 4.9-4ubuntu0.1
Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.2
Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.5
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3309-1 CVE-2017-6891
Package Information: https://launchpad.net/ubuntu/+source/libtasn1-6/4.10-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtasn1-6/4.9-4ubuntu0.1 https://launchpad.net/ubuntu/+source/libtasn1-6/4.7-3ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.5
--qWgqeHPthIPjPQIU7D8SwAxNBdqocb7ne--
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZNZE9AAoJEGVp2FWnRL6TWDoP/jwbKmS6wiuelTXuchnvikVw 1MbqB8rgogkAJN8u9EhHfXgMrH3fBu+qe8mvehz27Yp6lzmpmAi6K4OqlocJvSUy 4qKBP+qovlkzX4c8jrQfPsUhsEC0e5CmLSdhxcSfnLyu3mNNK2LBj4NMczIMiM/g 34PtuAwfRjbAwBEYl2m/eOJVe1MtENMqe0BqjIkjtAkcSU2iLg9XXdd25AU4EDIj aTFZS2I2TUT7yeYElSRJnj116+6/ITfvuIR/O+U+idtpEo7rSecX7BmH2N/yA3KT I3rJT4zwiDLsspySqI064qPn0Rbt4EYJHWou6GqTTvkyD1+ynELoeKwGV1KktVlk JSwcjF7JKnpgu5RN7VIj8oC3fsMzpFU/6W7uP6Fgdnxd5W+rbQo7b+NeWgLZDy6P /0G3eyRVOyM+mBT2ugVly4DeRyHrQNtMX+azPUXTypnYMoxeJeJvZhpv8lzSd3V+ eKTlhb6Ek4OJ41ASy86o3/4uCcWa8JQxdqEeSgzqGEpMi9vhYk85J97/fclthteo /GIEXPPhjOSAXkhbd/EsQ0o+OaE2qinnmqDfc57ECWiXYwV2tc1jIpCk3koX4gdt gaxiNHASTnkOjXuP9LvTameNCy7qDRd48n+wFqEL0ebwrDP+mfRXAEbVwMdlCHg9 u5lZts1Z5OOD+BcMFBsk =QHP2 -----END PGP SIGNATURE-----
--EFq2v2CaBgufeo1a0XfaEnR6SUNTk2IUc--
--===============8591833405714391061== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8591833405714391061==--
|
|
|
|