========================================================================== Ubuntu Security Notice USN-3547-1 January 25, 2018
libtasn1-6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Libtasn1. Software Description: - libtasn1-6: Library to manage ASN.1 structures Details: It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-10790) It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6003) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libtasn1-6 4.12-2.1ubuntu0.1 Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.3 Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3547-1 CVE-2017-10790, CVE-2018-6003 Package Information: https://launchpad.net/ubuntu/+source/libtasn1-6/4.12-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtasn1-6/4.7-3ubuntu0.16.04.3 https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.6
signature.asc
Description: This is a digitally signed message part
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
