===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1339
libtasn1-6 security update
26 May 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           libtasn1-6
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6891

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3861

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libtasn1-6 check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 24, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-6891
Debian Bug     : 863186

Jakub Jirasek of Secunia Research discovered that libtasn1, a library
used to handle Abstract Syntax Notation One structures, did not
properly validate its input. This would allow an attacker to cause a
crash by denial-of-service, or potentially execute arbitrary code, by
tricking a user into processing a maliciously crafted assignments
file.

For the stable distribution (jessie), this problem has been fixed in
version 4.2-3+deb8u3.

We recommend that you upgrade your libtasn1-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================