libtasn1-6-32bit-4.17.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11001 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtasn1-6-32bit-4.17.0-1.2 on GA media These are all security issues fixed in the libtasn1-6-32bit-4.17.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11001 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11001 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1000654/ SUSE CVE CVE-2018-1000654 page https://www.suse.com/security/cve/CVE-2018-6003/ SUSE CVE CVE-2018-6003 page openSUSE Tumbleweed libtasn1-6-4.17.0-1.2 libtasn1-6-32bit-4.17.0-1.2 libtasn1-devel-4.17.0-1.2 libtasn1-devel-32bit-4.17.0-1.2 libtasn1-tools-4.17.0-1.2 libtasn1-6-4.17.0-1.2 as a component of openSUSE Tumbleweed libtasn1-6-32bit-4.17.0-1.2 as a component of openSUSE Tumbleweed libtasn1-devel-4.17.0-1.2 as a component of openSUSE Tumbleweed libtasn1-devel-32bit-4.17.0-1.2 as a component of openSUSE Tumbleweed libtasn1-tools-4.17.0-1.2 as a component of openSUSE Tumbleweed GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. CVE-2018-1000654 openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000654.html CVE-2018-1000654 https://bugzilla.suse.com/1105435 SUSE Bug 1105435 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. CVE-2018-6003 openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2 openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6003.html CVE-2018-6003 https://bugzilla.suse.com/1076832 SUSE Bug 1076832