Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-6891 (GCVE-0-2017-6891)
Vulnerability from cvelistv5
Published
2017-05-22 19:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Stack-based buffer overflow leading to system compromise
Summary
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Flexera Software LLC | GnuTLS libtasn1 |
Version: 4.10. Other versions may also be affected. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201710-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-11" }, { "name": "DSA-3861", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3861" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484" }, { "name": "98641", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98641" }, { "name": "1038619", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038619" }, { "name": "openSUSE-SU-2019:1510", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GnuTLS libtasn1", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "4.10. Other versions may also be affected." } ] } ], "datePublic": "2017-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." } ], "problemTypes": [ { "descriptions": [ { "description": "Stack-based buffer overflow leading to system compromise", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:07:27", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "GLSA-201710-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-11" }, { "name": "DSA-3861", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3861" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484" }, { "name": "98641", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98641" }, { "name": "1038619", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038619" }, { "name": "openSUSE-SU-2019:1510", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2017-6891", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GnuTLS libtasn1", "version": { "version_data": [ { "version_value": "4.10. Other versions may also be affected." } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stack-based buffer overflow leading to system compromise" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201710-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-11" }, { "name": "DSA-3861", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3861" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" }, { "name": "98641", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98641" }, { "name": "1038619", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038619" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-6891", "datePublished": "2017-05-22T19:00:00", "dateReserved": "2017-03-14T00:00:00", "dateUpdated": "2024-08-05T15:41:17.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-6891\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2017-05-22T19:29:00.250\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Two errors in the \\\"asn1_find_node()\\\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.\"},{\"lang\":\"es\",\"value\":\"Se pueden explotar dos errores en la funci\u00f3n \\\\\\\"asn1_find_node()\\\\\\\" (lib/parser_aux.c) en GnuTLS libtasn1 versi\u00f3n 4.10 para provocar un desbordamiento de b\u00fafer basado en pila enga\u00f1ando a un usuario para que procese un archivo de asignaciones especialmente manipulado mediante la utilidad de ejemplo asn1Coding.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:libtasn1:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17277D17-DF6A-4594-B9FA-8D91EFF3ADBC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB293558-0DB0-4EEB-A91C-7B00A9FA634E\"}]}]}],\"references\":[{\"url\":\"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3861\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98641\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038619\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76125/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-11\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76125/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2017-6891
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2017-6891", "description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "id": "GSD-2017-6891", "references": [ "https://www.suse.com/security/cve/CVE-2017-6891.html", "https://www.debian.org/security/2017/dsa-3861", "https://ubuntu.com/security/CVE-2017-6891", "https://advisories.mageia.org/CVE-2017-6891.html", "https://security.archlinux.org/CVE-2017-6891" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-6891" ], "details": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "id": "GSD-2017-6891", "modified": "2023-12-13T01:21:09.855525Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2017-6891", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GnuTLS libtasn1", "version": { "version_data": [ { "version_value": "4.10. Other versions may also be affected." } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stack-based buffer overflow leading to system compromise" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201710-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-11" }, { "name": "DSA-3861", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3861" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" }, { "name": "98641", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98641" }, { "name": "1038619", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038619" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnu:libtasn1:4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2017-6891" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/", "refsource": "MISC", "tags": [ "Permissions Required" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" }, { "name": "98641", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98641" }, { "name": "1038619", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038619" }, { "name": "GLSA-201710-11", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-11" }, { "name": "DSA-3861", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3861" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-02-03T19:05Z", "publishedDate": "2017-05-22T19:29Z" } } }
suse-su-2022:3797-1
Vulnerability from csaf_suse
Published
2022-10-27 12:34
Modified
2022-10-27 12:34
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Added safety check to fix a stack overflow issue (bsc#1040621).
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
Patchnames
SUSE-2022-3797,SUSE-SLE-SERVER-12-SP2-BCL-2022-3797
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n- CVE-2017-6891: Added safety check to fix a stack overflow issue (bsc#1040621).\n- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2022-3797,SUSE-SLE-SERVER-12-SP2-BCL-2022-3797", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3797-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2022:3797-1", "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223797-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2022:3797-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012726.html" }, { "category": "self", "summary": "SUSE Bug 1040621", "url": "https://bugzilla.suse.com/1040621" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE Bug 1204690", "url": "https://bugzilla.suse.com/1204690" }, { "category": "self", "summary": "SUSE CVE CVE-2017-6891 page", "url": "https://www.suse.com/security/cve/CVE-2017-6891/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-46848 page", "url": "https://www.suse.com/security/cve/CVE-2021-46848/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2022-10-27T12:34:13Z", "generator": { "date": "2022-10-27T12:34:13Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2022:3797-1", "initial_release_date": "2022-10-27T12:34:13Z", "revision_history": [ { "date": "2022-10-27T12:34:13Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-3.7-13.7.1.aarch64", "product_id": "libtasn1-3.7-13.7.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-6-3.7-13.7.1.aarch64", "product_id": "libtasn1-6-3.7-13.7.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-devel-3.7-13.7.1.aarch64", "product_id": "libtasn1-devel-3.7-13.7.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.i586", "product": { "name": "libtasn1-3.7-13.7.1.i586", "product_id": "libtasn1-3.7-13.7.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.i586", "product": { "name": "libtasn1-6-3.7-13.7.1.i586", "product_id": "libtasn1-6-3.7-13.7.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.i586", "product": { "name": "libtasn1-devel-3.7-13.7.1.i586", "product_id": "libtasn1-devel-3.7-13.7.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-3.7-13.7.1.ppc64le", "product_id": "libtasn1-3.7-13.7.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-6-3.7-13.7.1.ppc64le", "product_id": "libtasn1-6-3.7-13.7.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-devel-3.7-13.7.1.ppc64le", "product_id": "libtasn1-devel-3.7-13.7.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.s390", "product": { "name": "libtasn1-3.7-13.7.1.s390", "product_id": "libtasn1-3.7-13.7.1.s390" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.s390", "product": { "name": "libtasn1-6-3.7-13.7.1.s390", "product_id": "libtasn1-6-3.7-13.7.1.s390" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.s390", "product": { "name": "libtasn1-devel-3.7-13.7.1.s390", "product_id": "libtasn1-devel-3.7-13.7.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.s390x", "product": { "name": "libtasn1-3.7-13.7.1.s390x", "product_id": "libtasn1-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.s390x", "product": { "name": "libtasn1-6-3.7-13.7.1.s390x", "product_id": "libtasn1-6-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-32bit-3.7-13.7.1.s390x", "product": { "name": "libtasn1-6-32bit-3.7-13.7.1.s390x", "product_id": "libtasn1-6-32bit-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.s390x", "product": { "name": "libtasn1-devel-3.7-13.7.1.s390x", "product_id": "libtasn1-devel-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-3.7-13.7.1.s390x", "product": { "name": "libtasn1-devel-32bit-3.7-13.7.1.s390x", "product_id": "libtasn1-devel-32bit-3.7-13.7.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-3.7-13.7.1.x86_64", "product_id": "libtasn1-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-6-3.7-13.7.1.x86_64", "product_id": "libtasn1-6-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "product_id": "libtasn1-6-32bit-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-devel-3.7-13.7.1.x86_64", "product_id": "libtasn1-devel-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-devel-32bit-3.7-13.7.1.x86_64", "product_id": "libtasn1-devel-32bit-3.7-13.7.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-6-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-6891", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-6891" } ], "notes": [ { "category": "general", "text": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-6891", "url": "https://www.suse.com/security/cve/CVE-2017-6891" }, { "category": "external", "summary": "SUSE Bug 1040621 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1040621" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "moderate" } ], "title": "CVE-2017-6891" }, { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "moderate" } ], "title": "CVE-2018-1000654" }, { "cve": "CVE-2021-46848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46848" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46848", "url": "https://www.suse.com/security/cve/CVE-2021-46848" }, { "category": "external", "summary": "SUSE Bug 1204690 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1204690" }, { "category": "external", "summary": "SUSE Bug 1205081 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1205081" }, { "category": "external", "summary": "SUSE Bug 1205311 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1205311" }, { "category": "external", "summary": "SUSE Bug 1208025 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1208025" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "critical" } ], "title": "CVE-2021-46848" } ] }
suse-su-2019:1379-1
Vulnerability from csaf_suse
Published
2019-05-29 13:07
Modified
2019-05-29 13:07
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issues fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).
Patchnames
SUSE-2019-1379,SUSE-SLE-DESKTOP-12-SP3-2019-1379,SUSE-SLE-DESKTOP-12-SP4-2019-1379,SUSE-SLE-SDK-12-SP3-2019-1379,SUSE-SLE-SDK-12-SP4-2019-1379,SUSE-SLE-SERVER-12-SP3-2019-1379,SUSE-SLE-SERVER-12-SP4-2019-1379
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-1379,SUSE-SLE-DESKTOP-12-SP3-2019-1379,SUSE-SLE-DESKTOP-12-SP4-2019-1379,SUSE-SLE-SDK-12-SP3-2019-1379,SUSE-SLE-SDK-12-SP4-2019-1379,SUSE-SLE-SERVER-12-SP3-2019-1379,SUSE-SLE-SERVER-12-SP4-2019-1379", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1379-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:1379-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191379-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:1379-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005515.html" }, { "category": "self", "summary": "SUSE Bug 1040621", "url": "https://bugzilla.suse.com/1040621" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE CVE CVE-2017-6891 page", "url": "https://www.suse.com/security/cve/CVE-2017-6891/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2019-05-29T13:07:20Z", "generator": { "date": "2019-05-29T13:07:20Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:1379-1", "initial_release_date": "2019-05-29T13:07:20Z", "revision_history": [ { "date": "2019-05-29T13:07:20Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-4.9-3.10.1.aarch64", "product_id": "libtasn1-4.9-3.10.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-6-4.9-3.10.1.aarch64", "product_id": "libtasn1-6-4.9-3.10.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-devel-4.9-3.10.1.aarch64", "product_id": "libtasn1-devel-4.9-3.10.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.i586", "product": { "name": "libtasn1-4.9-3.10.1.i586", "product_id": "libtasn1-4.9-3.10.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.i586", "product": { "name": "libtasn1-6-4.9-3.10.1.i586", "product_id": "libtasn1-6-4.9-3.10.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.i586", "product": { "name": "libtasn1-devel-4.9-3.10.1.i586", "product_id": "libtasn1-devel-4.9-3.10.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-4.9-3.10.1.ppc64le", "product_id": "libtasn1-4.9-3.10.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-6-4.9-3.10.1.ppc64le", "product_id": "libtasn1-6-4.9-3.10.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le", "product_id": "libtasn1-devel-4.9-3.10.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.s390", "product": { "name": "libtasn1-4.9-3.10.1.s390", "product_id": "libtasn1-4.9-3.10.1.s390" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.s390", "product": { "name": "libtasn1-6-4.9-3.10.1.s390", "product_id": "libtasn1-6-4.9-3.10.1.s390" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.s390", "product": { "name": "libtasn1-devel-4.9-3.10.1.s390", "product_id": "libtasn1-devel-4.9-3.10.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.s390x", "product": { "name": "libtasn1-4.9-3.10.1.s390x", "product_id": "libtasn1-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.s390x", "product": { "name": "libtasn1-6-4.9-3.10.1.s390x", "product_id": "libtasn1-6-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.9-3.10.1.s390x", "product": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x", "product_id": "libtasn1-6-32bit-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.s390x", "product": { "name": "libtasn1-devel-4.9-3.10.1.s390x", "product_id": "libtasn1-devel-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.9-3.10.1.s390x", "product": { "name": "libtasn1-devel-32bit-4.9-3.10.1.s390x", "product_id": "libtasn1-devel-32bit-4.9-3.10.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-4.9-3.10.1.x86_64", "product_id": "libtasn1-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-6-4.9-3.10.1.x86_64", "product_id": "libtasn1-6-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "product_id": "libtasn1-6-32bit-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-devel-4.9-3.10.1.x86_64", "product_id": "libtasn1-devel-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-devel-32bit-4.9-3.10.1.x86_64", "product_id": "libtasn1-devel-32bit-4.9-3.10.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP3", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3", "product": { "name": "SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP4", "product": { "name": "SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-devel-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-devel-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-devel-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-devel-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-6891", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-6891" } ], "notes": [ { "category": "general", "text": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-6891", "url": "https://www.suse.com/security/cve/CVE-2017-6891" }, { "category": "external", "summary": "SUSE Bug 1040621 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1040621" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-05-29T13:07:20Z", "details": "moderate" } ], "title": "CVE-2017-6891" }, { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-05-29T13:07:20Z", "details": "moderate" } ], "title": "CVE-2018-1000654" } ] }
suse-su-2017:1886-1
Vulnerability from csaf_suse
Published
2017-07-15 07:50
Modified
2017-07-15 07:50
Summary
Security update for gnutls
Notes
Title of the patch
Security update for gnutls
Description of the patch
This update for gnutls fixes the following issues:
- GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173)
- CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621)
- An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337)
Patchnames
sdksp4-gnutls-13212,slehasp4-gnutls-13212,slessp4-gnutls-13212
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for gnutls", "title": "Title of the patch" }, { "category": "description", "text": "This update for gnutls fixes the following issues:\n\n- GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173)\n- CVE-2017-6891: A potential stack buffer overflow in the bundled libtasn1 was fixed (bsc#1040621)\n- An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337)\n", "title": "Description of the patch" }, { "category": "details", "text": "sdksp4-gnutls-13212,slehasp4-gnutls-13212,slessp4-gnutls-13212", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1886-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2017:1886-1", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171886-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2017:1886-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-July/003036.html" }, { "category": "self", "summary": "SUSE Bug 1034173", "url": "https://bugzilla.suse.com/1034173" }, { "category": "self", "summary": "SUSE Bug 1038337", "url": "https://bugzilla.suse.com/1038337" }, { "category": "self", "summary": "SUSE Bug 1040621", "url": "https://bugzilla.suse.com/1040621" }, { "category": "self", "summary": "SUSE CVE CVE-2017-6891 page", "url": "https://www.suse.com/security/cve/CVE-2017-6891/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-7869 page", "url": "https://www.suse.com/security/cve/CVE-2017-7869/" } ], "title": "Security update for gnutls", "tracking": { "current_release_date": "2017-07-15T07:50:59Z", "generator": { "date": "2017-07-15T07:50:59Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2017:1886-1", "initial_release_date": "2017-07-15T07:50:59Z", "revision_history": [ { "date": "2017-07-15T07:50:59Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libgnutls-devel-2.4.1-24.39.70.1.i586", "product": { "name": "libgnutls-devel-2.4.1-24.39.70.1.i586", "product_id": "libgnutls-devel-2.4.1-24.39.70.1.i586" } }, { "category": "product_version", "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "product": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "product_id": "libgnutls-extra-devel-2.4.1-24.39.70.1.i586" } }, { "category": "product_version", "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "product": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "product_id": "libgnutls-extra26-2.4.1-24.39.70.1.i586" } }, { "category": "product_version", "name": "gnutls-2.4.1-24.39.70.1.i586", "product": { "name": "gnutls-2.4.1-24.39.70.1.i586", "product_id": "gnutls-2.4.1-24.39.70.1.i586" } }, { "category": "product_version", "name": "libgnutls26-2.4.1-24.39.70.1.i586", "product": { "name": "libgnutls26-2.4.1-24.39.70.1.i586", "product_id": "libgnutls26-2.4.1-24.39.70.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libgnutls-devel-2.4.1-24.39.70.1.ia64", "product": { "name": "libgnutls-devel-2.4.1-24.39.70.1.ia64", "product_id": "libgnutls-devel-2.4.1-24.39.70.1.ia64" } }, { "category": "product_version", "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "product": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "product_id": "libgnutls-extra-devel-2.4.1-24.39.70.1.ia64" } }, { "category": "product_version", "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "product": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "product_id": "libgnutls-extra26-2.4.1-24.39.70.1.ia64" } }, { "category": "product_version", "name": "gnutls-2.4.1-24.39.70.1.ia64", "product": { "name": "gnutls-2.4.1-24.39.70.1.ia64", "product_id": "gnutls-2.4.1-24.39.70.1.ia64" } }, { "category": "product_version", "name": "libgnutls26-2.4.1-24.39.70.1.ia64", "product": { "name": "libgnutls26-2.4.1-24.39.70.1.ia64", "product_id": "libgnutls26-2.4.1-24.39.70.1.ia64" } }, { "category": "product_version", "name": "libgnutls26-x86-2.4.1-24.39.70.1.ia64", "product": { "name": "libgnutls26-x86-2.4.1-24.39.70.1.ia64", "product_id": "libgnutls26-x86-2.4.1-24.39.70.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "libgnutls-devel-2.4.1-24.39.70.1.ppc64", "product": { "name": "libgnutls-devel-2.4.1-24.39.70.1.ppc64", "product_id": "libgnutls-devel-2.4.1-24.39.70.1.ppc64" } }, { "category": "product_version", "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "product": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "product_id": "libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64" } }, { "category": "product_version", "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "product": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "product_id": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64" } }, { "category": "product_version", "name": "gnutls-2.4.1-24.39.70.1.ppc64", "product": { "name": "gnutls-2.4.1-24.39.70.1.ppc64", "product_id": "gnutls-2.4.1-24.39.70.1.ppc64" } }, { "category": "product_version", "name": "libgnutls26-2.4.1-24.39.70.1.ppc64", "product": { "name": "libgnutls26-2.4.1-24.39.70.1.ppc64", "product_id": "libgnutls26-2.4.1-24.39.70.1.ppc64" } }, { "category": "product_version", "name": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "product": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "product_id": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "libgnutls-devel-2.4.1-24.39.70.1.s390x", "product": { "name": "libgnutls-devel-2.4.1-24.39.70.1.s390x", "product_id": "libgnutls-devel-2.4.1-24.39.70.1.s390x" } }, { "category": "product_version", "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "product": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "product_id": "libgnutls-extra-devel-2.4.1-24.39.70.1.s390x" } }, { "category": "product_version", "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "product": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "product_id": "libgnutls-extra26-2.4.1-24.39.70.1.s390x" } }, { "category": "product_version", "name": "gnutls-2.4.1-24.39.70.1.s390x", "product": { "name": "gnutls-2.4.1-24.39.70.1.s390x", "product_id": "gnutls-2.4.1-24.39.70.1.s390x" } }, { "category": "product_version", "name": "libgnutls26-2.4.1-24.39.70.1.s390x", "product": { "name": "libgnutls26-2.4.1-24.39.70.1.s390x", "product_id": "libgnutls26-2.4.1-24.39.70.1.s390x" } }, { "category": "product_version", "name": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "product": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "product_id": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libgnutls-devel-2.4.1-24.39.70.1.x86_64", "product": { "name": "libgnutls-devel-2.4.1-24.39.70.1.x86_64", "product_id": "libgnutls-devel-2.4.1-24.39.70.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "product": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "product_id": "libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64" } }, { "category": "product_version", "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "product": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "product_id": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64" } }, { "category": "product_version", "name": "gnutls-2.4.1-24.39.70.1.x86_64", "product": { "name": "gnutls-2.4.1-24.39.70.1.x86_64", "product_id": "gnutls-2.4.1-24.39.70.1.x86_64" } }, { "category": "product_version", "name": "libgnutls26-2.4.1-24.39.70.1.x86_64", "product": { "name": "libgnutls26-2.4.1-24.39.70.1.x86_64", "product_id": "libgnutls26-2.4.1-24.39.70.1.x86_64" } }, { "category": "product_version", "name": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "product": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "product_id": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 11 SP4", "product": { "name": "SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4", "product_identification_helper": { "cpe": "cpe:/a:suse:sle-sdk:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Availability Extension 11 SP4", "product": { "name": "SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4", "product_identification_helper": { "cpe": "cpe:/a:suse:sle-hae:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-devel-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-devel-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-devel-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-devel-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-devel-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-devel-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4", "product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586" }, "product_reference": "gnutls-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x" }, "product_reference": "gnutls-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-x86-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls26-x86-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586" }, "product_reference": "gnutls-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x" }, "product_reference": "gnutls-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "gnutls-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64" }, "product_reference": "gnutls-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls26-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64" }, "product_reference": "libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libgnutls26-x86-2.4.1-24.39.70.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64" }, "product_reference": "libgnutls26-x86-2.4.1-24.39.70.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-6891", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-6891" } ], "notes": [ { "category": "general", "text": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-6891", "url": "https://www.suse.com/security/cve/CVE-2017-6891" }, { "category": "external", "summary": "SUSE Bug 1040621 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1040621" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-07-15T07:50:59Z", "details": "moderate" } ], "title": "CVE-2017-6891" }, { "cve": "CVE-2017-7869", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-7869" } ], "notes": [ { "category": "general", "text": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor\u0027s GNUTLS-SA-2017-3 report) is fixed in 3.5.10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-7869", "url": "https://www.suse.com/security/cve/CVE-2017-7869" }, { "category": "external", "summary": "SUSE Bug 1034173 for CVE-2017-7869", "url": "https://bugzilla.suse.com/1034173" }, { "category": "external", "summary": "SUSE Bug 1038337 for CVE-2017-7869", "url": "https://bugzilla.suse.com/1038337" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-7869", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-7869", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:gnutls-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-32bit-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libgnutls26-x86-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra-devel-2.4.1-24.39.70.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libgnutls-extra26-2.4.1-24.39.70.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-07-15T07:50:59Z", "details": "critical" } ], "title": "CVE-2017-7869" } ] }
fkie_cve-2017-6891
Vulnerability from fkie_nvd
Published
2017-05-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
References
▶ | URL | Tags | |
---|---|---|---|
PSIRT-CNA@flexerasoftware.com | http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484 | ||
PSIRT-CNA@flexerasoftware.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html | Broken Link | |
PSIRT-CNA@flexerasoftware.com | http://www.debian.org/security/2017/dsa-3861 | Third Party Advisory | |
PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/98641 | Third Party Advisory, VDB Entry | |
PSIRT-CNA@flexerasoftware.com | http://www.securitytracker.com/id/1038619 | Third Party Advisory, VDB Entry | |
PSIRT-CNA@flexerasoftware.com | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
PSIRT-CNA@flexerasoftware.com | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/advisories/76125/ | Permissions Required | |
PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/ | Patch, Third Party Advisory | |
PSIRT-CNA@flexerasoftware.com | https://security.gentoo.org/glsa/201710-11 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3861 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98641 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038619 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/advisories/76125/ | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-11 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | libtasn1 | 4.10 | |
debian | debian_linux | 8.0 | |
apache | bookkeeper | 4.12.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:libtasn1:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "17277D17-DF6A-4594-B9FA-8D91EFF3ADBC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB293558-0DB0-4EEB-A91C-7B00A9FA634E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." }, { "lang": "es", "value": "Se pueden explotar dos errores en la funci\u00f3n \\\"asn1_find_node()\\\" (lib/parser_aux.c) en GnuTLS libtasn1 versi\u00f3n 4.10 para provocar un desbordamiento de b\u00fafer basado en pila enga\u00f1ando a un usuario para que procese un archivo de asignaciones especialmente manipulado mediante la utilidad de ejemplo asn1Coding." } ], "id": "CVE-2017-6891", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-22T19:29:00.250", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3861" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98641" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038619" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Permissions Required" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-11" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-ch46-3x6h-7qrw
Vulnerability from github
Published
2022-05-13 01:09
Modified
2025-04-20 03:38
Severity ?
VLAI Severity ?
Details
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
{ "affected": [], "aliases": [ "CVE-2017-6891" ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-05-22T19:29:00Z", "severity": "HIGH" }, "details": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "id": "GHSA-ch46-3x6h-7qrw", "modified": "2025-04-20T03:38:04Z", "published": "2022-05-13T01:09:01Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6891" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "type": "WEB", "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125" }, { "type": "WEB", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201710-11" }, { "type": "WEB", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484" }, { "type": "WEB", "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2017/dsa-3861" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98641" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1038619" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…