-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libtasn1-3 Version : 2.13-2+deb7u4 CVE ID : CVE-2017-6891
Secunia Research has discovered multiple vulnerabilities in GnuTLS libtasn1, which can be exploited by malicious people to compromise a vulnerable system. Two errors in the "asn1_find_node()" function (lib/parser_aux.c) can be exploited to cause a stacked-based buffer overflow. Successful exploitation of the vulnerabilities allows execution of arbitrary code but requires tricking a user into processing a specially crafted assignments file by e.g. asn1Coding utility. For Debian 7 "Wheezy", this problem has been fixed in version 2.13-2+deb7u4. We recommend that you upgrade your libtasn1-3 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJZJJ1vXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHYW0QAKM/5hUUwx1ICOOYbrly07BS f0vTytCe+9cJCltiawHONTOULni0syTFfTttgWuF+vGrEDbd43mFE8ZEvGGQVE/K 3MhDax0tdiaI/M4535OaVObYB8C0YqBe8NS8PRn6Rhf4DbMifDXN1MBIwS9p4ANk eGj1GJtI3kc7aDMwqJMboaLCypZTvas7htUjCD9Ot8tS8e6ArMLFmjtQVlON+AB2 dUoYu1kXRvPhx39c7EjOvEMVtM1TlklIt7cTRMAaMZw9GFyUjwxPCtMRkrRzeSme kBEYDAWqG+Fp2GLUU4orHNBLFS8hhepxVFjPM/zkRfqJ6HAiwECS8/4Bdko+IAwJ V/a277OcQvFwG6ryJjh8ppvgcy8rn+8Due0hC8Vk60EQqdj3Y1h1EUN5ohWUm7Q+ LLPyl3IBaEpj4gcjiB7/jDIBK8uumXjcC9pqXBGIWz1JTu8vd1CXnSTdSgNzl2O2 l76jIDzpD8Ts1yKqEl3H8ST+N76j4Zx5QNAg6FkK5rkB/lwpHYvpavldHJK1ucjX 1cfXXaGzMHvDhm/cQ4XaDbnCR3c+FYK1k0V/XKX1UD2Vv9w2XZJdz0NBjHMD6X+e C6Flczt3NgBu6pZsMwXC2xXJ6JrLiSXTrF6tIamG9Ce7LqYB0dxIbTaXGb5tItxK EYL/iaxPP3tCEW2camvI =zBHp -----END PGP SIGNATURE-----
