Ubuntu Security Notice 3547-1 - It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
b8b55d5fe0460d704eec560259d856c521a8613ce7b5db969f1dd85029f8c45c
==========================================================================
Ubuntu Security Notice USN-3547-1
January 25, 2018
libtasn1-6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Libtasn1.
Software Description:
- libtasn1-6: Library to manage ASN.1 structures
Details:
It was discovered that Libtasn1 incorrectly handled certain files.
If a user were tricked into opening a crafted file, an attacker could
possibly use this to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-10790)
It was discovered that Libtasn1 incorrectly handled certain inputs.
An attacker could possibly use this to cause Libtasn1 to hang,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS and Ubuntu 17.10. (CVE-2018-6003)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libtasn1-6 4.12-2.1ubuntu0.1
Ubuntu 16.04 LTS:
libtasn1-6 4.7-3ubuntu0.16.04.3
Ubuntu 14.04 LTS:
libtasn1-6 3.4-3ubuntu0.6
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3547-1
CVE-2017-10790, CVE-2018-6003
Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/4.12-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-6/4.7-3ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.6