Bug#863186: libtasn1-6: CVE-2017-6891
Salvatore Bonaccorso
carnil at debian.org
Tue May 23 04:57:49 UTC 2017
Source: libtasn1-6
Version: 4.2-3
Severity: important
Tags: security upstream patch fixed-upstream
Hi,

the following vulnerability was published for libtasn1-6.

CVE-2017-6891[0]:
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c)
| within GnuTLS libtasn1 version 4.10 can be exploited to cause a
| stack-based buffer overflow by tricking a user into processing a
| specially crafted assignments file via the e.g. asn1Coding utility.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6891
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
[1] https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484

Regards,
Salvatore