Ubuntu Update For Libtasn1-6 USN-2294-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467) It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3468) It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3469)

Affected

libtasn1-6 on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-July/002602.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for libtasn1-6 USN-2294-1

Take action and discover your vulnerabilities