Ubuntu Security Notice USN-2294-1

Ubuntu Security Notice USN-2294-1: Posted Jul 22, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2294-1 - It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469; SHA-256 | a15de4c2e04bfec1afe8e723c19c93779c39f5421110554b9e8dd54be15fa159; Download | Favorite | View

Ubuntu Security Notice USN-2294-1

============================================================================
Ubuntu Security Notice USN-2294-1
July 22, 2014

libtasn1-3, libtasn1-6 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Libtasn1 could be made to crash or run programs as your login if it
processed specially crafted data.

Software Description:
- libtasn1-6: Library to manage ASN.1 structures
- libtasn1-3: Library to manage ASN.1 structures

Details:

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data
structures. An attacker could exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service. (CVE-2014-3467)

It was discovered that Libtasn1 incorrectly handled negative bit lengths.
An attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2014-3468)

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An
attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service.
(CVE-2014-3469)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libtasn1-6                      3.4-3ubuntu0.1

Ubuntu 12.04 LTS:
  libtasn1-3                      2.10-1ubuntu1.2

Ubuntu 10.04 LTS:
  libtasn1-3                      2.4-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2294-1
  CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Package Information:
  https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/libtasn1-3/2.4-1ubuntu0.2

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-2294-1

Ubuntu Security Notice USN-2294-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2294-1

Share This

Ubuntu Security Notice USN-2294-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems