First published: Mon Mar 30 2015(Updated: )
From <a href="http://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html">http://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html</a>: GNU Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding/decoding. GNU Libtasn1 is used by GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos V5 structures. * Noteworthy changes in release 4.4 (released 2015-03-29) [stable] - Corrected a two-byte stack overflow in asn1_der_decoding. Reported by Hanno Böck. Exact commit that fixes this: <a href="http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149">http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149</a> CVE request: <a href="http://seclists.org/oss-sec/2015/q1/1038">http://seclists.org/oss-sec/2015/q1/1038</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Debian Debian Linux | =7.0 | |
Fedoraproject Fedora | =20 | |
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
GNU Libtasn1 | <=4.3 | |
redhat/libtasn1 | <4.4 | 4.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.