Download
| Alert*
oval:org.secpod.oval:def:89003353
This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser . - CVE-2017-6891: Fixed a stack overflow in asn1_find_node . oval:org.secpod.oval:def:89044743 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed - CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed - An address read of 4 bytes past the end of buffer in OpenPG ... oval:org.secpod.oval:def:1800298 Two errors in the "asn1_find_node" function within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. oval:org.secpod.oval:def:1800732 Two errors in the "asn1_find_node" function within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. oval:org.secpod.oval:def:89047823 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser . - CVE-2017-6891: Added safety check to fix a stack overflow issue . - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der oval:org.secpod.oval:def:112439 A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. oval:org.secpod.oval:def:602896 Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into proces ... oval:org.secpod.oval:def:1800550 Two errors in the "asn1_find_node" function within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. oval:org.secpod.oval:def:51811 libtasn1-6: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1800568 Two errors in the "asn1_find_node" function within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. oval:org.secpod.oval:def:703639 libtasn1-6: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. |