libtasn1-4.9-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10414 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtasn1-4.9-1.3 on GA media These are all security issues fixed in the libtasn1-4.9-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10414 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10414 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-3467/ SUSE CVE CVE-2014-3467 page https://www.suse.com/security/cve/CVE-2014-3468/ SUSE CVE CVE-2014-3468 page https://www.suse.com/security/cve/CVE-2014-3469/ SUSE CVE CVE-2014-3469 page https://www.suse.com/security/cve/CVE-2015-2806/ SUSE CVE CVE-2015-2806 page https://www.suse.com/security/cve/CVE-2015-3622/ SUSE CVE CVE-2015-3622 page https://www.suse.com/security/cve/CVE-2016-4008/ SUSE CVE CVE-2016-4008 page openSUSE Tumbleweed libtasn1-4.9-1.3 libtasn1-6-4.9-1.3 libtasn1-6-32bit-4.9-1.3 libtasn1-devel-4.9-1.3 libtasn1-devel-32bit-4.9-1.3 libtasn1-4.9-1.3 as a component of openSUSE Tumbleweed libtasn1-6-4.9-1.3 as a component of openSUSE Tumbleweed libtasn1-6-32bit-4.9-1.3 as a component of openSUSE Tumbleweed libtasn1-devel-4.9-1.3 as a component of openSUSE Tumbleweed libtasn1-devel-32bit-4.9-1.3 as a component of openSUSE Tumbleweed Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVE-2014-3467 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3467.html CVE-2014-3467 https://bugzilla.suse.com/880737 SUSE Bug 880737 https://bugzilla.suse.com/880910 SUSE Bug 880910 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVE-2014-3468 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3468.html CVE-2014-3468 https://bugzilla.suse.com/880735 SUSE Bug 880735 https://bugzilla.suse.com/880910 SUSE Bug 880910 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVE-2014-3469 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3469.html CVE-2014-3469 https://bugzilla.suse.com/880738 SUSE Bug 880738 https://bugzilla.suse.com/880910 SUSE Bug 880910 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. CVE-2015-2806 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2806.html CVE-2015-2806 https://bugzilla.suse.com/924828 SUSE Bug 924828 https://bugzilla.suse.com/929414 SUSE Bug 929414 https://bugzilla.suse.com/961491 SUSE Bug 961491 https://bugzilla.suse.com/969208 SUSE Bug 969208 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. CVE-2015-3622 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3622.html CVE-2015-3622 https://bugzilla.suse.com/929414 SUSE Bug 929414 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. CVE-2016-4008 openSUSE Tumbleweed:libtasn1-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-6-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-32bit-4.9-1.3 openSUSE Tumbleweed:libtasn1-devel-4.9-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4008.html CVE-2016-4008 https://bugzilla.suse.com/982779 SUSE Bug 982779