Sicherheit: Denial of Service in Libtasn1 (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3546982890010299722==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------mdBvBSCL6wkW2I7BrcR71uaW"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------mdBvBSCL6wkW2I7BrcR71uaW
Content-Type: multipart/mixed;
boundary="------------tw9f1Qboasad1zbcXolYUGA0";
protected-headers="v1"
From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <edf66ec9-bbe6-4efc-8ec5-fd7e6bbea9ba@canonical.com>
Subject: [USN-7275-2] Libtasn1 vulnerability

--------------tw9f1Qboasad1zbcXolYUGA0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7275-2
February 20, 2025

libtasn1-6 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Libtasn1 could be made to crash if it received specially crafted network
traffic.

Software Description:
- libtasn1-6: Library to manage ASN.1 structures

Details:

USN-7275-1 fixed vulnerabilities in Libtasn1. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Bing Shi discovered that Libtasn1 inefficiently handled certificates. An
attacker could possibly use this issue to increase resource utilization
leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libtasn1-6 4.19.0-3ubuntu0.24.04.1
libtasn1-bin 4.19.0-3ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7275-2
https://ubuntu.com/security/notices/USN-7275-1
CVE-2024-12133

Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/4.19.0-3ubuntu0.24.04.1

--------------tw9f1Qboasad1zbcXolYUGA0--

--------------mdBvBSCL6wkW2I7BrcR71uaW
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAme3xBMFAwAAAAAACgkQyfW2m9Ldu6vk
/BAAhLLSIBQr7G1qjDF5J8ScGg10OZeS6sTJPQT/0MulB4MOB8mVzXlGaPv/Owf/N/xgcbVHJsoT
v60V871clH7M2QlG7VRhuW95BwP8LBHoyz5AY8hpOonqEfZKwTyEPl3elQ88RCde8gktQY6p62Fw
od6Qkq1VODZCNd/ZxFNBFokJ7luif/G8toO8nu58cBWF6XQcEFsbCqEp+S5TM+gWxrmx40ymGifh
w1ffDyGevSSTLSGmtwQxoYGmGAPFa/qiOcmeKVUlrdeJeNSaBXXN4O8ejlySb7HUaqj6BI63/gdq
HtwIKdj0LEJo/ZymOgy0uwpEMj9ZIXS0rbAchFgyjNE6ElFZaviXDQ0GGZsBLPJ3t9u4/5T0B9Ca
2tqeWbIulGvFKZoWyafM5jM9lkJa/c4ny2BLe4PJq62yxL0pVgrBjIXY+lXEyF/ID9BU+UVPocDr
tKkDq8vqaGHjh0k6IFWj9D02TdbufWAdRGqKiHbYX8EhYeUUUDBUBVbEts2e+lVLtZs7W2bpgLZu
o4/a2mPKu+WW8scirZVqmk38a7tRuh7lNhkVdWOgxGHN8opF8Lj3HjwDimfDjSY+o4bpR3miKhPl
6NFjxGHXIVLMcaiaLYoWiwWE0hWR40QG+lR/5YIz2ohScF/EGvFXF36darE1IlvTdIeb6W76xSkm
jkA=
=cEGW
-----END PGP SIGNATURE-----

--------------mdBvBSCL6wkW2I7BrcR71uaW--

--===============3546982890010299722==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============3546982890010299722==--