Advisories » MGASA-2018-0121

Updated libtasn1 packages fix security vulnerability

Publication date: 08 Feb 2018
Modification date: 08 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-10790 , CVE-2018-6003

Description

It was discovered that Libtasn1 incorrectly handled certain files. If a
user were tricked into opening a crafted file, an attacker could possibly
use this to cause a denial of service (CVE-2017-10790).

It was discovered that Libtasn1 incorrectly handled certain inputs. An
attacker could possibly use this to cause Libtasn1 to hang, resulting in a
denial of service (CVE-2018-6003).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22462
• https://usn.ubuntu.com/usn/usn-3547-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003

SRPMS

6/core

• libtasn1-4.13-1.mga6