Advisories » MGASA-2017-0159

Updated libtasn1 packages fix security vulnerability

Publication date: 08 Jun 2017
Modification date: 08 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6891

Description

Jakub Jirasek of Secunia Research discovered that libtasn1 did not
properly validate its input. This would allow an attacker to cause a
crash by denial-of-service, or potentially execute arbitrary code, by
tricking a user into processing a maliciously crafted assignments file
(CVE-2017-6891).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20931
• https://www.debian.org/security/2017/dsa-3861
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891

SRPMS

5/core

• libtasn1-4.2-4.2.mga5