CVE-2014-3467

Published: 05 June 2014

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Priority

Status

Package	Release	Status
libtasn1-3 Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
libtasn1-6 Launchpad, Ubuntu, Debian	Upstream	Released (3.6)






	Ubuntu 14.04 ESM (Trusty Tahr)	Released (3.4-3ubuntu0.1)
	Patches: Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e30d19edbbc3a962b2266029f3cc Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=b32eae0501626fa8f28d3746246cef853b6a631e Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=0e80d79db71747644394fe3472dad28cd3e7b00b Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=154909136c12cfa5c60732b7210827dfb1ec6aee Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=eb83e268099b92e046f4ec224c8296f7bb61f159 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=25d7f2dbb74fa5033117e52638f082b94b3ef5fa Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=37a16434131c6ad8745b9accefec5cecb4cbb5b7 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=df4b741dfc41c1930fd73a5c7968479196961508 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=cc10a8c5443c751d920cfaca1f104089e43296be Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=609d5c1366fb424f6150c4eed358d246e61cf204 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6fee6745b1bd1a82f16ae9b607855a3e3ab39fc6 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=af0e8cd0bacf47ecce049165d3bc1ed9e861df1c Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=92541f56adbdb56bbc97b07c2e073bbcd9f11b4a Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f245088c5bd6c7e9bea18e5601ee24d431531558 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda445056ca9a7533bae258acd3ecb Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=02d59b37540609c0be510642a8eb0f72799ca6c6 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=44a4680d83fe4ff732e4e1b826c987bc5d67bd1c Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=53958290ab731c8486531a3bdef54a933533579d Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=045ac8d01857265f422d0d74ca99944f70c0b9e3 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f09f2b9e497d0597f3372014838df08f81f653b4 Upstream: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6cd01f6f8f5fe4a85d4df3febec4d9133e360b72

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3467

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM