-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1339
                        libtasn1-6 security update
                                26 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libtasn1-6
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6891  

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3861

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libtasn1-6 check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 24, 2017                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libtasn1-6
CVE ID         : CVE-2017-6891
Debian Bug     : 863186

Jakub Jirasek of Secunia Research discovered that libtasn1, a library
used to handle Abstract Syntax Notation One structures, did not
properly validate its input. This would allow an attacker to cause a
crash by denial-of-service, or potentially execute arbitrary code, by
tricking a user into processing a maliciously crafted assignments
file.

For the stable distribution (jessie), this problem has been fixed in
version 4.2-3+deb8u3.

We recommend that you upgrade your libtasn1-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----