[Security-team] Fwd: [SA18794] GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

Alexey Borovskoy alexey.borovskoy at gmail.com
Sat Feb 11 06:10:12 MSK 2006


Good day.

Are we going to patch Master?

Subject: [SA18794] GnuTLS libtasn1 DER Decoding Denial of Service 
Vulnerabilities
Date: Friday 10 February 2006 23:04

TITLE:
GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA18794

VERIFY ADVISORY:
http://secunia.com/advisories/18794/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
GnuTLS 1.x
http://secunia.com/product/3748/
GnuTLS libtasn1 Tiny ASN.1 library 0.x
http://secunia.com/product/7952/

DESCRIPTION:
Evgeny Legerov has reported some vulnerabilities in GnuTLS
 libtasn1, which potentially can be exploited by malicious
 people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to errors within the DER
 decoder in libtasn1. This can be exploited to crash an
 application that uses the library via specially-crafted input.

The vulnerabilities have been reported in libtasn1 prior to
 0.2.18 and in GnuTLS prior to 1.2.10.

SOLUTION:
Update to the fixed versions.
http://www.gnu.org/software/gnutls/download.html

Libtasn1:
Update to version 0.2.18.

GnuTLS:
Update to version 1.2.10.

The vulnerabilities have also been fixed in GnuTLS version 1.3.4
(experimental).

PROVIDED AND/OR DISCOVERED BY:
Evgeny Legerov, GLEG Ltd.

ORIGINAL ADVISORY:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

-- 
Alexey.
GPG key fingerprint
949B BC0E 2C44 7528 4F63  2753 E37A 9E3F 11F3 BDE1