[v2.7] libtasn1 (used in GnuTLS): remote DoS (CVE-2014-3467 CVE-2014-3468 CVE-2014-3469)
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 data (CVE-2014-3467).
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1102022
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data (CVE-2014-3468).
•CONFIRM:
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1102323
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument (CVE-2014-3469).
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1102329
References:
•MLIST:[help-libtasn1] 20140525 GNU Libtasn1 3.6 released
•URL:
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
•REDHAT:RHSA-2014:0594
•URL: http://rhn.redhat.com/errata/RHSA-2014-0594.html
•REDHAT:RHSA-2014:0596
•URL: http://rhn.redhat.com/errata/RHSA-2014-0596.html
(from redmine: issue id 3012, created on 2014-06-09, closed on 2014-06-10)
- Relations:
- parent #3009 (closed)
- Changesets:
- Revision d4b13349 by Natanael Copa on 2014-06-10T11:35:28Z:
main/libtasn1: security upgrade to 3.6 (CVE-2014-3467,CVE-2014-3468,CVE-2014-3469)
fixes #3012