[Security-team] Fwd: [SA18794] GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities
Alexey Borovskoy
alexey.borovskoy at gmail.com
Sat Feb 11 06:10:12 MSK 2006
Good day.
Are we going to patch Master?
Subject: [SA18794] GnuTLS libtasn1 DER Decoding Denial of Service
Vulnerabilities
Date: Friday 10 February 2006 23:04
TITLE:
GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA18794
VERIFY ADVISORY:
http://secunia.com/advisories/18794/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
GnuTLS 1.x
http://secunia.com/product/3748/
GnuTLS libtasn1 Tiny ASN.1 library 0.x
http://secunia.com/product/7952/
DESCRIPTION:
Evgeny Legerov has reported some vulnerabilities in GnuTLS
libtasn1, which potentially can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to errors within the DER
decoder in libtasn1. This can be exploited to crash an
application that uses the library via specially-crafted input.
The vulnerabilities have been reported in libtasn1 prior to
0.2.18 and in GnuTLS prior to 1.2.10.
SOLUTION:
Update to the fixed versions.
http://www.gnu.org/software/gnutls/download.html
Libtasn1:
Update to version 0.2.18.
GnuTLS:
Update to version 1.2.10.
The vulnerabilities have also been fixed in GnuTLS version 1.3.4
(experimental).
PROVIDED AND/OR DISCOVERED BY:
Evgeny Legerov, GLEG Ltd.
ORIGINAL ADVISORY:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
--
Alexey.
GPG key fingerprint
949B BC0E 2C44 7528 4F63 2753 E37A 9E3F 11F3 BDE1