Bugzilla – Bug 880738
VUL-0: CVE-2014-3469: libtasn1: Possible DoS by Null Dereference
Last modified: 2014-07-30 11:56:30 UTC
A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash.

Fixed upstream in libtasn1 3.6:
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html

Please submit for SLE11-SP3, SLE12, openSUSE 12.3 and openSUSE 13.1.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1102329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
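A simplified C model of the size-query pattern described above, added here as an illustration; it is not libtasn1 code, and `struct node`, the `RV_*` codes and the function names are hypothetical. It contrasts a reader that touches `ivalue` unconditionally with one that treats a NULL `ivalue` as a length query.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical return codes and node type for this sketch (not libtasn1's). */
enum { RV_OK = 0, RV_MEM_ERROR = 1, RV_BAD_ARG = 2 };
struct node { const unsigned char *data; int data_len; };

/* Constructed sample input: DER encoding of INTEGER 5. */
const unsigned char sample_der[] = { 0x02, 0x01, 0x05 };

/* Unguarded form: writes through ivalue before considering that the
 * caller may have passed NULL only to learn the required size. */
int read_value_unchecked(const struct node *n, void *ivalue, int *len)
{
    unsigned char *out = ivalue;
    out[0] = 0;                      /* NULL dereference on a size query */
    if (*len < n->data_len) { *len = n->data_len; return RV_MEM_ERROR; }
    memcpy(out, n->data, (size_t)n->data_len);
    *len = n->data_len;
    return RV_OK;
}

/* Guarded form: NULL ivalue means "report the length", never a write. */
int read_value_checked(const struct node *n, void *ivalue, int *len)
{
    if (n == NULL || len == NULL)
        return RV_BAD_ARG;
    if (ivalue == NULL || *len < n->data_len) {
        *len = n->data_len;          /* tell the caller how much is needed */
        return RV_MEM_ERROR;
    }
    memcpy(ivalue, n->data, (size_t)n->data_len);
    *len = n->data_len;
    return RV_OK;
}

/* Caller side: size query with NULL, then read into a checked buffer. */
int two_pass_read(const struct node *n, unsigned char *buf, int buf_cap)
{
    int need = 0;
    if (read_value_checked(n, NULL, &need) != RV_MEM_ERROR || need > buf_cap)
        return -1;
    int got = need;
    if (read_value_checked(n, buf, &got) != RV_OK)
        return -1;
    return got;
}
```
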
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-06-06. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57609
Again, not my playground. From the changelog, the last significant version update was done by meissner@suse.com; other than that, it looks like this package has no dedicated maintainer. @Marcus Meissner, hope you don't mind.
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-06-09. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57618
This is an autogenerated message for OBS integration:
This bug (880738) was mentioned in
https://build.opensuse.org/request/show/236130 Factory / libtasn1
Fixes submitted for SLE 11, SLE 12, openSUSE 12.3 and openSUSE 13.1. I would suggest waiting for the related submission for bnc#880737 before pushing.
This is an autogenerated message for OBS integration:
This bug (880738) was mentioned in
https://build.opensuse.org/request/show/237601 13.1 / libtasn1
https://build.opensuse.org/request/show/237602 12.3 / libtasn1
Resubmitted, with resolved conflicts for osc, with request 41158.
Please ignore the previous comment; I posted it to the wrong bug.
SUSE-SU-2014:0931-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 880735,880737,880738
CVE References: CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): libtasn1-1.5-1.28.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): libtasn1-1.5-1.28.1
SUSE Linux Enterprise Server 11 SP3 (src): libtasn1-1.5-1.28.1
SUSE Linux Enterprise Desktop 11 SP3 (src): libtasn1-1.5-1.28.1
This is an autogenerated message for OBS integration:
This bug (880738) was mentioned in
https://build.opensuse.org/request/show/242449 Factory / libtasn1
released