libtasn1-2.3-6.AXS4
エラータID: AXSA:2014-385:01
リリース日:
2014/06/10 Tuesday - 17:57
題名:
libtasn1-2.3-6.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GNU Libtasn1 の DER デコーダには,巧妙に細工された ASN.1 データによって,リモートの攻撃者がサービス拒否 (境界外からの読み込み) を引き起こす複数の詳細不明な脆弱性があります。(CVE-2014-3467)
- GNU Libtasn1 の asn1_get_bit_der 関数には,負のビット長を用い,巧妙に細工された ASN.1 データによって,攻撃者が境界外のアクセスを行う脆弱性があります。(CVE-2014-3468)
- GNU Libtasn1 の (1) asn1_read_value_type と (2) asn1_read_value 関数には,ivalue 引数の NULL値によって,攻撃者がサービス拒否 (ヌルポインタ逆参照とクラッシュ) を引き起こす脆弱性があります。(CVE-2014-3469)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-3467
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
追加情報:
N/A
ダウンロード:
SRPMS
- libtasn1-2.3-6.AXS4.src.rpm
MD5: f097116b1765ed5d084845ca1a7940c8
SHA-256: b7fd1d11cf637ec377597e820aa5cffa2994a216c2ddba8aa184580649aa8590
Size: 1.43 MB
Asianux Server 4 for x86
- libtasn1-2.3-6.AXS4.i686.rpm
MD5: bfeaf03b4f4441fd6b9178a32d69c0b1
SHA-256: b848ef5ed267ded25ecda3ab32c7bbca87e8ca0c2e487c284afaf5ce8ab2c448
Size: 238.90 kB - libtasn1-devel-2.3-6.AXS4.i686.rpm
MD5: bed1d6793c63974428bc4598116f379d
SHA-256: b0c14022a0e24a641a486cedb30f7b6266d4711add79baeb63029d5ef04e0700
Size: 60.06 kB
Asianux Server 4 for x86_64
- libtasn1-2.3-6.AXS4.x86_64.rpm
MD5: bf228142d2af570e0a09593735ad26e2
SHA-256: 7fc5345761072405abbb6cec48eaf52f1f0dcd17325a31d67e12b4e56b827848
Size: 237.24 kB - libtasn1-devel-2.3-6.AXS4.x86_64.rpm
MD5: 1f97e8d102e6f2ecce4d99ec69194415
SHA-256: 71f8ff570acd1487c57bf4d050c8696defea4f0b407cb5f3d97a945fdcb38f47
Size: 59.65 kB - libtasn1-2.3-6.AXS4.i686.rpm
MD5: bfeaf03b4f4441fd6b9178a32d69c0b1
SHA-256: b848ef5ed267ded25ecda3ab32c7bbca87e8ca0c2e487c284afaf5ce8ab2c448
Size: 238.90 kB - libtasn1-devel-2.3-6.AXS4.i686.rpm
MD5: bed1d6793c63974428bc4598116f379d
SHA-256: b0c14022a0e24a641a486cedb30f7b6266d4711add79baeb63029d5ef04e0700
Size: 60.06 kB