Arch Linux Security Advisory ASA-201504-3 =========================================
Severity: Low Date : 2015-04-03 CVE-ID : CVE-2015-2806 Package : libtasn1 Type : stack overflow Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libtasn1 before version 4.4-1 is vulnerable to a two-byte stack overflow in DER decoding. Resolution ========== Upgrade to 4.4-1. # pacman -Syu "libtasn1>=4.4-1" The problem has been fixed upstream in version 4.4. Workaround ========== None. Description =========== A two-byte stack overflow has been found in the ASN.1 DER decoding logic of libtasn1. Impact ====== An attacker may be able to crash a program using libtasn1 by submitting a crafted X.509 structure to the program. References ========== https://access.redhat.com/security/cve/CVE-2015-2806 https://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149;hp=77068c35a32cc31ba6b3af257921ca90696c7945
signature.asc
Description: OpenPGP digital signature
