Advisories » MGASA-2016-0170

Updated libtasn1 package fixes security vulnerability

Publication date: 11 May 2016
Modification date: 11 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4008

Description

Updated libtasn1 packages fix security vulnerability:
Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled
certain malformed DER certificates. A remote attacker could possibly use
this issue to cause applications using Libtasn1 to hang, resulting in a
denial of service (CVE-2016-4008).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18204
• http://www.ubuntu.com/usn/usn-2957-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008

SRPMS

5/core

• libtasn1-4.2-4.1.mga5