All,

this release fixes several serious bugs that would make the DER decoder in libtasn1 crash on invalid input. The problems were reported by Evgeny Legerov on the 31st of January. New releases of GnuTLS will follow later today.

We invite more detailed analysis of the problem, following our general security advisory approach explained on:

  http://www.gnu.org/software/gnutls/security.html

Particularly, it would be useful to answer the question of whether these bugs are possible to exploit remotely. It is certainly possible to cause the server to crash. We don't have resources to investigate this problem more ourselves currently.

To make it easier for you to review this problem, I have prepared a self test that triggers three bugs in the old libtasn1. It will be part of GnuTLS 1.3.4, in tests/certder.c.

I have also created a diff between libtasn1 0.2.17 and libtasn1 0.2.18. It contains unrelated fixes too, but it is not too large. It is available from:

  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch

Please send your analysis to [EMAIL PROTECTED] and I'll update the security advisory web page pointing to it.

Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER encoding and DER decoding. It is used by GnuTLS to manipulate X.509 objects and by GNU Shishi to handle Kerberos packets.

Version 0.2.18

- Fix out-of-bounds access in DER decoding, reported by Evgeny Legerov.
- Add 'const' keyword to some prototypes, thanks to Frediano ZIGLIO.
- Fixed typo in src/Makefile.am to make it build with objdir != srcdir, thanks to Bernard Leak.
- Update of gnulib files.
- Typo fixes in comments, e.g. finish libasn1 to libtasn1 renaming, use LGPL boiler plate on some files in lib/.

Commercial support contracts for Libtasn1 are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently funding Libtasn1 maintenance. We are always looking for interesting development projects.

If you need help to use Libtasn1, or want to help others, you are invited to join our help-gnutls mailing list, see: <http://lists.gnu.org/mailman/listinfo/help-gnutls>.

Homepage:
  http://josefsson.org/libtasn1/

Manual in many formats:
  http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources:
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.2.18.tar.gz (888KB)
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18.tar.gz

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.2.18.tar.gz.sig
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18.tar.gz.sig

Here are the SHA-1 checksums:
  4f9c1be1586083cd605e17c7948f94deed63b024  libtasn1-0.2.18.tar.gz
  08d625e5fbabee2710f9789c8508397e481b048b  libtasn1-0.2.18.tar.gz.sig

Enjoy,
Nikos and Simon
