|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200602-08] libtasn1, GNU TLS: Security flaw in DER decoding Vulnerability Scan
Vulnerability Scan Summary libtasn1, GNU TLS: Security flaw in DER decoding
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200602-08
(libtasn1, GNU TLS: Security flaw in DER decoding)
Evgeny Legerov has reported a flaw in the DER decoding routines
provided by libtasn1, which could cause an out of bounds access to
occur.
Impact
A remote attacker could cause an application using libtasn1 to
crash and potentially execute arbitrary code by sending specially
crafted input.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645
Solution:
All libtasn1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-0.2.18"
All GNU TLS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/gnutls-1.2.10"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|