Security update for libtasn1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0901-1 Final 1 1 2014-07-17T14:16:08Z current 2014-07-17T14:16:08Z 2014-07-17T14:16:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libtasn1 libtasn1 has been updated to fix three security issues: * asn1_get_bit_der() could have returned negative bit length (CVE-2014-3468) * Multiple boundary check issues could have allowed DoS (CVE-2014-3467) * Possible DoS by NULL pointer dereference in asn1_read_value_type (CVE-2014-3469) Security Issues: * CVE-2014-3468 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468> * CVE-2014-3467 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467> * CVE-2014-3469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-libtasn1,sledsp3-libtasn1,slessp3-libtasn1 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150901-1/ Link for SUSE-SU-2015:0901-1 https://lists.suse.com/pipermail/sle-security-updates/2015-May/001393.html E-Mail link for SUSE-SU-2015:0901-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/880735 SUSE Bug 880735 https://bugzilla.suse.com/880737 SUSE Bug 880737 https://bugzilla.suse.com/880738 SUSE Bug 880738 https://bugzilla.suse.com/924828 SUSE Bug 924828 https://www.suse.com/security/cve/CVE-2014-3467/ SUSE CVE CVE-2014-3467 page https://www.suse.com/security/cve/CVE-2014-3468/ SUSE CVE CVE-2014-3468 page https://www.suse.com/security/cve/CVE-2014-3469/ SUSE CVE CVE-2014-3469 page https://www.suse.com/security/cve/CVE-2015-2806/ SUSE CVE CVE-2015-2806 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 libtasn1-devel-1.5-1.28.1 libtasn1-1.5-1.28.1 libtasn1-3-1.5-1.28.1 libtasn1-3-32bit-1.5-1.28.1 libtasn1-3-x86-1.5-1.28.1 libtasn1-1.5-1.28.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 libtasn1-3-1.5-1.28.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 libtasn1-3-32bit-1.5-1.28.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 libtasn1-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtasn1-3-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtasn1-3-32bit-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtasn1-3-x86-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtasn1-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libtasn1-3-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libtasn1-3-32bit-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libtasn1-3-x86-1.5-1.28.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libtasn1-1.5-1.28.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libtasn1-3-1.5-1.28.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libtasn1-3-32bit-1.5-1.28.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libtasn1-3-x86-1.5-1.28.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libtasn1-devel-1.5-1.28.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVE-2014-3467 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libtasn1-devel-1.5-1.28.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150901-1/ https://www.suse.com/security/cve/CVE-2014-3467.html CVE-2014-3467 https://bugzilla.suse.com/880737 SUSE Bug 880737 https://bugzilla.suse.com/880910 SUSE Bug 880910 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVE-2014-3468 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libtasn1-devel-1.5-1.28.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150901-1/ https://www.suse.com/security/cve/CVE-2014-3468.html CVE-2014-3468 https://bugzilla.suse.com/880735 SUSE Bug 880735 https://bugzilla.suse.com/880910 SUSE Bug 880910 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVE-2014-3469 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libtasn1-devel-1.5-1.28.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150901-1/ https://www.suse.com/security/cve/CVE-2014-3469.html CVE-2014-3469 https://bugzilla.suse.com/880738 SUSE Bug 880738 https://bugzilla.suse.com/880910 SUSE Bug 880910 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. CVE-2015-2806 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Desktop 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-32bit-1.5-1.28.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtasn1-3-x86-1.5-1.28.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libtasn1-devel-1.5-1.28.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150901-1/ https://www.suse.com/security/cve/CVE-2015-2806.html CVE-2015-2806 https://bugzilla.suse.com/924828 SUSE Bug 924828 https://bugzilla.suse.com/929414 SUSE Bug 929414 https://bugzilla.suse.com/961491 SUSE Bug 961491 https://bugzilla.suse.com/969208 SUSE Bug 969208