Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1000654 (GCVE-0-2018-1000654)
Vulnerability from cvelistv5
Published
2018-08-20 19:00
Modified
2024-08-05 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:40:47.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "name": "105151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105151" }, { "name": "openSUSE-SU-2019:1498", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "name": "openSUSE-SU-2019:1510", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-08-19T00:00:00", "datePublic": "2018-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "name": "105151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105151" }, { "name": "openSUSE-SU-2019:1498", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "name": "openSUSE-SU-2019:1510", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-19T17:09:33.126155", "DATE_REQUESTED": "2018-08-12T23:08:51", "ID": "CVE-2018-1000654", "REQUESTER": "situlingyun@gmail.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/libtasn1/issues/4", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "name": "105151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105151" }, { "name": "openSUSE-SU-2019:1498", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000654", "datePublished": "2018-08-20T19:00:00", "dateReserved": "2018-08-12T00:00:00", "dateUpdated": "2024-08-05T12:40:47.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-1000654\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-08-20T19:31:44.870\",\"lastModified\":\"2024-11-21T03:40:20.150\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.\"},{\"lang\":\"es\",\"value\":\"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegaci\u00f3n de servicio (DoS). De manera espec\u00edfica, el uso de recursos de CPU llega al 100% cuando se ejecuta asn1Paser contra el POC debido a que existe un problema en _asn1_expand_object_id(p_tree) en el que, despu\u00e9s de un per\u00edodo largo de tiempo, el programa se bloquea y se cierra. Este ataque parece ser explotable mediante el an\u00e1lisis sint\u00e1ctico de un archivo manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:libtasn1:4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0DFAFB0-18FA-48C9-A7D0-8AE3DC3B3F65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:libtasn1:4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E261FB67-8C77-4789-B340-C1DF940ADDAD\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/105151\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitlab.com/gnutls/libtasn1/issues/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/105151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitlab.com/gnutls/libtasn1/issues/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
suse-su-2019:1372-2
Vulnerability from csaf_suse
Published
2019-07-03 08:55
Modified
2019-07-03 08:55
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
Patchnames
SUSE-2019-1372,SUSE-SLE-Module-Basesystem-15-SP1-2019-1372,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1372
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-1372,SUSE-SLE-Module-Basesystem-15-SP1-2019-1372,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1372", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1372-2.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:1372-2", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191372-2/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:1372-2", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-July/005654.html" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2019-07-03T08:55:12Z", "generator": { "date": "2019-07-03T08:55:12Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:1372-2", "initial_release_date": "2019-07-03T08:55:12Z", "revision_history": [ { "date": "2019-07-03T08:55:12Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-4.13-4.5.1.aarch64", "product_id": "libtasn1-4.13-4.5.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-6-4.13-4.5.1.aarch64", "product_id": "libtasn1-6-4.13-4.5.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-devel-4.13-4.5.1.aarch64", "product_id": "libtasn1-devel-4.13-4.5.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.i586", "product": { "name": "libtasn1-4.13-4.5.1.i586", "product_id": "libtasn1-4.13-4.5.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.i586", "product": { "name": "libtasn1-6-4.13-4.5.1.i586", "product_id": "libtasn1-6-4.13-4.5.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.i586", "product": { "name": "libtasn1-devel-4.13-4.5.1.i586", "product_id": "libtasn1-devel-4.13-4.5.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-4.13-4.5.1.ppc64le", "product_id": "libtasn1-4.13-4.5.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-6-4.13-4.5.1.ppc64le", "product_id": "libtasn1-6-4.13-4.5.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-devel-4.13-4.5.1.ppc64le", "product_id": "libtasn1-devel-4.13-4.5.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.s390x", "product": { "name": "libtasn1-4.13-4.5.1.s390x", "product_id": "libtasn1-4.13-4.5.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.s390x", "product": { "name": "libtasn1-6-4.13-4.5.1.s390x", "product_id": "libtasn1-6-4.13-4.5.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.s390x", "product": { "name": "libtasn1-devel-4.13-4.5.1.s390x", "product_id": "libtasn1-devel-4.13-4.5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-4.13-4.5.1.x86_64", "product_id": "libtasn1-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-6-4.13-4.5.1.x86_64", "product_id": "libtasn1-6-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "product_id": "libtasn1-6-32bit-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-devel-4.13-4.5.1.x86_64", "product_id": "libtasn1-devel-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-devel-32bit-4.13-4.5.1.x86_64", "product_id": "libtasn1-devel-32bit-4.13-4.5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-6-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-6-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-6-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-6-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-32bit-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-devel-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-devel-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-devel-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-devel-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtasn1-devel-4.13-4.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-07-03T08:55:12Z", "details": "moderate" } ], "title": "CVE-2018-1000654" } ] }
suse-su-2022:3797-1
Vulnerability from csaf_suse
Published
2022-10-27 12:34
Modified
2022-10-27 12:34
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Added safety check to fix a stack overflow issue (bsc#1040621).
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
Patchnames
SUSE-2022-3797,SUSE-SLE-SERVER-12-SP2-BCL-2022-3797
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n- CVE-2017-6891: Added safety check to fix a stack overflow issue (bsc#1040621).\n- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2022-3797,SUSE-SLE-SERVER-12-SP2-BCL-2022-3797", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3797-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2022:3797-1", "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223797-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2022:3797-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012726.html" }, { "category": "self", "summary": "SUSE Bug 1040621", "url": "https://bugzilla.suse.com/1040621" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE Bug 1204690", "url": "https://bugzilla.suse.com/1204690" }, { "category": "self", "summary": "SUSE CVE CVE-2017-6891 page", "url": "https://www.suse.com/security/cve/CVE-2017-6891/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-46848 page", "url": "https://www.suse.com/security/cve/CVE-2021-46848/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2022-10-27T12:34:13Z", "generator": { "date": "2022-10-27T12:34:13Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2022:3797-1", "initial_release_date": "2022-10-27T12:34:13Z", "revision_history": [ { "date": "2022-10-27T12:34:13Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-3.7-13.7.1.aarch64", "product_id": "libtasn1-3.7-13.7.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-6-3.7-13.7.1.aarch64", "product_id": "libtasn1-6-3.7-13.7.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.aarch64", "product": { "name": "libtasn1-devel-3.7-13.7.1.aarch64", "product_id": "libtasn1-devel-3.7-13.7.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-3.7-13.7.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-3.7-13.7.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.i586", "product": { "name": "libtasn1-3.7-13.7.1.i586", "product_id": "libtasn1-3.7-13.7.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.i586", "product": { "name": "libtasn1-6-3.7-13.7.1.i586", "product_id": "libtasn1-6-3.7-13.7.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.i586", "product": { "name": "libtasn1-devel-3.7-13.7.1.i586", "product_id": "libtasn1-devel-3.7-13.7.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-3.7-13.7.1.ppc64le", "product_id": "libtasn1-3.7-13.7.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-6-3.7-13.7.1.ppc64le", "product_id": "libtasn1-6-3.7-13.7.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.ppc64le", "product": { "name": "libtasn1-devel-3.7-13.7.1.ppc64le", "product_id": "libtasn1-devel-3.7-13.7.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.s390", "product": { "name": "libtasn1-3.7-13.7.1.s390", "product_id": "libtasn1-3.7-13.7.1.s390" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.s390", "product": { "name": "libtasn1-6-3.7-13.7.1.s390", "product_id": "libtasn1-6-3.7-13.7.1.s390" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.s390", "product": { "name": "libtasn1-devel-3.7-13.7.1.s390", "product_id": "libtasn1-devel-3.7-13.7.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.s390x", "product": { "name": "libtasn1-3.7-13.7.1.s390x", "product_id": "libtasn1-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.s390x", "product": { "name": "libtasn1-6-3.7-13.7.1.s390x", "product_id": "libtasn1-6-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-32bit-3.7-13.7.1.s390x", "product": { "name": "libtasn1-6-32bit-3.7-13.7.1.s390x", "product_id": "libtasn1-6-32bit-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.s390x", "product": { "name": "libtasn1-devel-3.7-13.7.1.s390x", "product_id": "libtasn1-devel-3.7-13.7.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-3.7-13.7.1.s390x", "product": { "name": "libtasn1-devel-32bit-3.7-13.7.1.s390x", "product_id": "libtasn1-devel-32bit-3.7-13.7.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-3.7-13.7.1.x86_64", "product_id": "libtasn1-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-6-3.7-13.7.1.x86_64", "product_id": "libtasn1-6-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "product_id": "libtasn1-6-32bit-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-devel-3.7-13.7.1.x86_64", "product_id": "libtasn1-devel-3.7-13.7.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-3.7-13.7.1.x86_64", "product": { "name": "libtasn1-devel-32bit-3.7-13.7.1.x86_64", "product_id": "libtasn1-devel-32bit-3.7-13.7.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-6-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-3.7-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" }, "product_reference": "libtasn1-6-32bit-3.7-13.7.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-6891", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-6891" } ], "notes": [ { "category": "general", "text": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-6891", "url": "https://www.suse.com/security/cve/CVE-2017-6891" }, { "category": "external", "summary": "SUSE Bug 1040621 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1040621" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "moderate" } ], "title": "CVE-2017-6891" }, { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "moderate" } ], "title": "CVE-2018-1000654" }, { "cve": "CVE-2021-46848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46848" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46848", "url": "https://www.suse.com/security/cve/CVE-2021-46848" }, { "category": "external", "summary": "SUSE Bug 1204690 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1204690" }, { "category": "external", "summary": "SUSE Bug 1205081 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1205081" }, { "category": "external", "summary": "SUSE Bug 1205311 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1205311" }, { "category": "external", "summary": "SUSE Bug 1208025 for CVE-2021-46848", "url": "https://bugzilla.suse.com/1208025" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-3.7-13.7.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libtasn1-6-32bit-3.7-13.7.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2022-10-27T12:34:13Z", "details": "critical" } ], "title": "CVE-2021-46848" } ] }
suse-su-2019:1372-1
Vulnerability from csaf_suse
Published
2019-05-28 14:53
Modified
2019-05-28 14:53
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
Patchnames
SUSE-2019-1372,SUSE-SLE-Module-Basesystem-15-2019-1372,SUSE-SLE-Module-Desktop-Applications-15-2019-1372
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-1372,SUSE-SLE-Module-Basesystem-15-2019-1372,SUSE-SLE-Module-Desktop-Applications-15-2019-1372", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1372-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:1372-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191372-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:1372-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005513.html" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2019-05-28T14:53:31Z", "generator": { "date": "2019-05-28T14:53:31Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:1372-1", "initial_release_date": "2019-05-28T14:53:31Z", "revision_history": [ { "date": "2019-05-28T14:53:31Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-4.13-4.5.1.aarch64", "product_id": "libtasn1-4.13-4.5.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-6-4.13-4.5.1.aarch64", "product_id": "libtasn1-6-4.13-4.5.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.aarch64", "product": { "name": "libtasn1-devel-4.13-4.5.1.aarch64", "product_id": "libtasn1-devel-4.13-4.5.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-4.13-4.5.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-4.13-4.5.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.i586", "product": { "name": "libtasn1-4.13-4.5.1.i586", "product_id": "libtasn1-4.13-4.5.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.i586", "product": { "name": "libtasn1-6-4.13-4.5.1.i586", "product_id": "libtasn1-6-4.13-4.5.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.i586", "product": { "name": "libtasn1-devel-4.13-4.5.1.i586", "product_id": "libtasn1-devel-4.13-4.5.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-4.13-4.5.1.ppc64le", "product_id": "libtasn1-4.13-4.5.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-6-4.13-4.5.1.ppc64le", "product_id": "libtasn1-6-4.13-4.5.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.ppc64le", "product": { "name": "libtasn1-devel-4.13-4.5.1.ppc64le", "product_id": "libtasn1-devel-4.13-4.5.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.s390x", "product": { "name": "libtasn1-4.13-4.5.1.s390x", "product_id": "libtasn1-4.13-4.5.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.s390x", "product": { "name": "libtasn1-6-4.13-4.5.1.s390x", "product_id": "libtasn1-6-4.13-4.5.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.s390x", "product": { "name": "libtasn1-devel-4.13-4.5.1.s390x", "product_id": "libtasn1-devel-4.13-4.5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-4.13-4.5.1.x86_64", "product_id": "libtasn1-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-6-4.13-4.5.1.x86_64", "product_id": "libtasn1-6-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "product_id": "libtasn1-6-32bit-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-devel-4.13-4.5.1.x86_64", "product_id": "libtasn1-devel-4.13-4.5.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.13-4.5.1.x86_64", "product": { "name": "libtasn1-devel-32bit-4.13-4.5.1.x86_64", "product_id": "libtasn1-devel-32bit-4.13-4.5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Desktop Applications 15", "product": { "name": "SUSE Linux Enterprise Module for Desktop Applications 15", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-desktop-applications:15" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-6-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-6-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-6-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-6-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-32bit-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.aarch64" }, "product_reference": "libtasn1-devel-4.13-4.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.ppc64le" }, "product_reference": "libtasn1-devel-4.13-4.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.s390x" }, "product_reference": "libtasn1-devel-4.13-4.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-devel-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.13-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15", "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libtasn1-6-32bit-4.13-4.5.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.13-4.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15:libtasn1-6-32bit-4.13-4.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15:libtasn1-6-32bit-4.13-4.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-32bit-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-6-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libtasn1-devel-4.13-4.5.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15:libtasn1-6-32bit-4.13-4.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-05-28T14:53:31Z", "details": "moderate" } ], "title": "CVE-2018-1000654" } ] }
suse-su-2019:1379-1
Vulnerability from csaf_suse
Published
2019-05-29 13:07
Modified
2019-05-29 13:07
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issues fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).
Patchnames
SUSE-2019-1379,SUSE-SLE-DESKTOP-12-SP3-2019-1379,SUSE-SLE-DESKTOP-12-SP4-2019-1379,SUSE-SLE-SDK-12-SP3-2019-1379,SUSE-SLE-SDK-12-SP4-2019-1379,SUSE-SLE-SERVER-12-SP3-2019-1379,SUSE-SLE-SERVER-12-SP4-2019-1379
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-1379,SUSE-SLE-DESKTOP-12-SP3-2019-1379,SUSE-SLE-DESKTOP-12-SP4-2019-1379,SUSE-SLE-SDK-12-SP3-2019-1379,SUSE-SLE-SDK-12-SP4-2019-1379,SUSE-SLE-SERVER-12-SP3-2019-1379,SUSE-SLE-SERVER-12-SP4-2019-1379", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1379-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:1379-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191379-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:1379-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005515.html" }, { "category": "self", "summary": "SUSE Bug 1040621", "url": "https://bugzilla.suse.com/1040621" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE CVE CVE-2017-6891 page", "url": "https://www.suse.com/security/cve/CVE-2017-6891/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2019-05-29T13:07:20Z", "generator": { "date": "2019-05-29T13:07:20Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:1379-1", "initial_release_date": "2019-05-29T13:07:20Z", "revision_history": [ { "date": "2019-05-29T13:07:20Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-4.9-3.10.1.aarch64", "product_id": "libtasn1-4.9-3.10.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-6-4.9-3.10.1.aarch64", "product_id": "libtasn1-6-4.9-3.10.1.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.aarch64", "product": { "name": "libtasn1-devel-4.9-3.10.1.aarch64", "product_id": "libtasn1-devel-4.9-3.10.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32", "product": { "name": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32", "product_id": "libtasn1-6-64bit-4.9-3.10.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32", "product": { "name": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32", "product_id": "libtasn1-devel-64bit-4.9-3.10.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.i586", "product": { "name": "libtasn1-4.9-3.10.1.i586", "product_id": "libtasn1-4.9-3.10.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.i586", "product": { "name": "libtasn1-6-4.9-3.10.1.i586", "product_id": "libtasn1-6-4.9-3.10.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.i586", "product": { "name": "libtasn1-devel-4.9-3.10.1.i586", "product_id": "libtasn1-devel-4.9-3.10.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-4.9-3.10.1.ppc64le", "product_id": "libtasn1-4.9-3.10.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-6-4.9-3.10.1.ppc64le", "product_id": "libtasn1-6-4.9-3.10.1.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.ppc64le", "product": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le", "product_id": "libtasn1-devel-4.9-3.10.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.s390", "product": { "name": "libtasn1-4.9-3.10.1.s390", "product_id": "libtasn1-4.9-3.10.1.s390" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.s390", "product": { "name": "libtasn1-6-4.9-3.10.1.s390", "product_id": "libtasn1-6-4.9-3.10.1.s390" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.s390", "product": { "name": "libtasn1-devel-4.9-3.10.1.s390", "product_id": "libtasn1-devel-4.9-3.10.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.s390x", "product": { "name": "libtasn1-4.9-3.10.1.s390x", "product_id": "libtasn1-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.s390x", "product": { "name": "libtasn1-6-4.9-3.10.1.s390x", "product_id": "libtasn1-6-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.9-3.10.1.s390x", "product": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x", "product_id": "libtasn1-6-32bit-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.s390x", "product": { "name": "libtasn1-devel-4.9-3.10.1.s390x", "product_id": "libtasn1-devel-4.9-3.10.1.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.9-3.10.1.s390x", "product": { "name": "libtasn1-devel-32bit-4.9-3.10.1.s390x", "product_id": "libtasn1-devel-32bit-4.9-3.10.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-4.9-3.10.1.x86_64", "product_id": "libtasn1-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-6-4.9-3.10.1.x86_64", "product_id": "libtasn1-6-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "product_id": "libtasn1-6-32bit-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-devel-4.9-3.10.1.x86_64", "product_id": "libtasn1-devel-4.9-3.10.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.9-3.10.1.x86_64", "product": { "name": "libtasn1-devel-32bit-4.9-3.10.1.x86_64", "product_id": "libtasn1-devel-32bit-4.9-3.10.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP3", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3", "product": { "name": "SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP4", "product": { "name": "SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-devel-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-devel-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-devel-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-devel-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-devel-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64" }, "product_reference": "libtasn1-6-4.9-3.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le" }, "product_reference": "libtasn1-6-4.9-3.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.9-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.9-3.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-6891", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-6891" } ], "notes": [ { "category": "general", "text": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-6891", "url": "https://www.suse.com/security/cve/CVE-2017-6891" }, { "category": "external", "summary": "SUSE Bug 1040621 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1040621" }, { "category": "external", "summary": "SUSE Bug 1049210 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1049210" }, { "category": "external", "summary": "SUSE Bug 1149679 for CVE-2017-6891", "url": "https://bugzilla.suse.com/1149679" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-05-29T13:07:20Z", "details": "moderate" } ], "title": "CVE-2017-6891" }, { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-32bit-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtasn1-6-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtasn1-devel-4.9-3.10.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:libtasn1-devel-4.9-3.10.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-05-29T13:07:20Z", "details": "moderate" } ], "title": "CVE-2018-1000654" } ] }
opensuse-su-2019:1498-1
Vulnerability from csaf_opensuse
Published
2019-06-03 05:50
Modified
2019-06-03 05:50
Summary
Security update for libtasn1
Notes
Title of the patch
Security update for libtasn1
Description of the patch
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1498
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for libtasn1", "title": "Title of the patch" }, { "category": "description", "text": "This update for libtasn1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2019-1498", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1498-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2019:1498-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P/#TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2019:1498-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P/#TBPHCDNPF4OMNQRNFMDNJWW64KCW5M2P" }, { "category": "self", "summary": "SUSE Bug 1105435", "url": "https://bugzilla.suse.com/1105435" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" } ], "title": "Security update for libtasn1", "tracking": { "current_release_date": "2019-06-03T05:50:40Z", "generator": { "date": "2019-06-03T05:50:40Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2019:1498-1", "initial_release_date": "2019-06-03T05:50:40Z", "revision_history": [ { "date": "2019-06-03T05:50:40Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-lp151.4.3.1.i586", "product": { "name": "libtasn1-4.13-lp151.4.3.1.i586", "product_id": "libtasn1-4.13-lp151.4.3.1.i586" } }, { "category": "product_version", "name": "libtasn1-6-4.13-lp151.4.3.1.i586", "product": { "name": "libtasn1-6-4.13-lp151.4.3.1.i586", "product_id": "libtasn1-6-4.13-lp151.4.3.1.i586" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-lp151.4.3.1.i586", "product": { "name": "libtasn1-devel-4.13-lp151.4.3.1.i586", "product_id": "libtasn1-devel-4.13-lp151.4.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "libtasn1-4.13-lp151.4.3.1.x86_64", "product": { "name": "libtasn1-4.13-lp151.4.3.1.x86_64", "product_id": "libtasn1-4.13-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-4.13-lp151.4.3.1.x86_64", "product": { "name": "libtasn1-6-4.13-lp151.4.3.1.x86_64", "product_id": "libtasn1-6-4.13-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "product": { "name": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "product_id": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.13-lp151.4.3.1.x86_64", "product": { "name": "libtasn1-devel-4.13-lp151.4.3.1.x86_64", "product_id": "libtasn1-devel-4.13-lp151.4.3.1.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "product": { "name": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "product_id": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.0", "product": { "name": "openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.0" } } }, { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-6-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-6-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-devel-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-devel-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-6-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-6-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.i586" }, "product_reference": "libtasn1-devel-4.13-lp151.4.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-devel-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64" }, "product_reference": "libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.0:libtasn1-devel-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-6-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-32bit-4.13-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.i586", "openSUSE Leap 15.1:libtasn1-devel-4.13-lp151.4.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-06-03T05:50:40Z", "details": "moderate" } ], "title": "CVE-2018-1000654" } ] }
opensuse-su-2024:11001-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libtasn1-6-32bit-4.17.0-1.2 on GA media
Notes
Title of the patch
libtasn1-6-32bit-4.17.0-1.2 on GA media
Description of the patch
These are all security issues fixed in the libtasn1-6-32bit-4.17.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11001
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "libtasn1-6-32bit-4.17.0-1.2 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the libtasn1-6-32bit-4.17.0-1.2 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-11001", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11001-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000654 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000654/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-6003 page", "url": "https://www.suse.com/security/cve/CVE-2018-6003/" } ], "title": "libtasn1-6-32bit-4.17.0-1.2 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:11001-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libtasn1-6-4.17.0-1.2.aarch64", "product": { "name": "libtasn1-6-4.17.0-1.2.aarch64", "product_id": "libtasn1-6-4.17.0-1.2.aarch64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.17.0-1.2.aarch64", "product": { "name": "libtasn1-6-32bit-4.17.0-1.2.aarch64", "product_id": "libtasn1-6-32bit-4.17.0-1.2.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-4.17.0-1.2.aarch64", "product": { "name": "libtasn1-devel-4.17.0-1.2.aarch64", "product_id": "libtasn1-devel-4.17.0-1.2.aarch64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.17.0-1.2.aarch64", "product": { "name": "libtasn1-devel-32bit-4.17.0-1.2.aarch64", "product_id": "libtasn1-devel-32bit-4.17.0-1.2.aarch64" } }, { "category": "product_version", "name": "libtasn1-tools-4.17.0-1.2.aarch64", "product": { "name": "libtasn1-tools-4.17.0-1.2.aarch64", "product_id": "libtasn1-tools-4.17.0-1.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-4.17.0-1.2.ppc64le", "product": { "name": "libtasn1-6-4.17.0-1.2.ppc64le", "product_id": "libtasn1-6-4.17.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.17.0-1.2.ppc64le", "product": { "name": "libtasn1-6-32bit-4.17.0-1.2.ppc64le", "product_id": "libtasn1-6-32bit-4.17.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-4.17.0-1.2.ppc64le", "product": { "name": "libtasn1-devel-4.17.0-1.2.ppc64le", "product_id": "libtasn1-devel-4.17.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "product": { "name": "libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "product_id": "libtasn1-devel-32bit-4.17.0-1.2.ppc64le" } }, { "category": "product_version", "name": "libtasn1-tools-4.17.0-1.2.ppc64le", "product": { "name": "libtasn1-tools-4.17.0-1.2.ppc64le", "product_id": "libtasn1-tools-4.17.0-1.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-4.17.0-1.2.s390x", "product": { "name": "libtasn1-6-4.17.0-1.2.s390x", "product_id": "libtasn1-6-4.17.0-1.2.s390x" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.17.0-1.2.s390x", "product": { "name": "libtasn1-6-32bit-4.17.0-1.2.s390x", "product_id": "libtasn1-6-32bit-4.17.0-1.2.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-4.17.0-1.2.s390x", "product": { "name": "libtasn1-devel-4.17.0-1.2.s390x", "product_id": "libtasn1-devel-4.17.0-1.2.s390x" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.17.0-1.2.s390x", "product": { "name": "libtasn1-devel-32bit-4.17.0-1.2.s390x", "product_id": "libtasn1-devel-32bit-4.17.0-1.2.s390x" } }, { "category": "product_version", "name": "libtasn1-tools-4.17.0-1.2.s390x", "product": { "name": "libtasn1-tools-4.17.0-1.2.s390x", "product_id": "libtasn1-tools-4.17.0-1.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libtasn1-6-4.17.0-1.2.x86_64", "product": { "name": "libtasn1-6-4.17.0-1.2.x86_64", "product_id": "libtasn1-6-4.17.0-1.2.x86_64" } }, { "category": "product_version", "name": "libtasn1-6-32bit-4.17.0-1.2.x86_64", "product": { "name": "libtasn1-6-32bit-4.17.0-1.2.x86_64", "product_id": "libtasn1-6-32bit-4.17.0-1.2.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-4.17.0-1.2.x86_64", "product": { "name": "libtasn1-devel-4.17.0-1.2.x86_64", "product_id": "libtasn1-devel-4.17.0-1.2.x86_64" } }, { "category": "product_version", "name": "libtasn1-devel-32bit-4.17.0-1.2.x86_64", "product": { "name": "libtasn1-devel-32bit-4.17.0-1.2.x86_64", "product_id": "libtasn1-devel-32bit-4.17.0-1.2.x86_64" } }, { "category": "product_version", "name": "libtasn1-tools-4.17.0-1.2.x86_64", "product": { "name": "libtasn1-tools-4.17.0-1.2.x86_64", "product_id": "libtasn1-tools-4.17.0-1.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.17.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64" }, "product_reference": "libtasn1-6-4.17.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.17.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le" }, "product_reference": "libtasn1-6-4.17.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.17.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x" }, "product_reference": "libtasn1-6-4.17.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-4.17.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64" }, "product_reference": "libtasn1-6-4.17.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.17.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64" }, "product_reference": "libtasn1-6-32bit-4.17.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.17.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le" }, "product_reference": "libtasn1-6-32bit-4.17.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.17.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x" }, "product_reference": "libtasn1-6-32bit-4.17.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-6-32bit-4.17.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64" }, "product_reference": "libtasn1-6-32bit-4.17.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.17.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64" }, "product_reference": "libtasn1-devel-4.17.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.17.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le" }, "product_reference": "libtasn1-devel-4.17.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.17.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x" }, "product_reference": "libtasn1-devel-4.17.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-4.17.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64" }, "product_reference": "libtasn1-devel-4.17.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.17.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64" }, "product_reference": "libtasn1-devel-32bit-4.17.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.17.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le" }, "product_reference": "libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.17.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x" }, "product_reference": "libtasn1-devel-32bit-4.17.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-devel-32bit-4.17.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64" }, "product_reference": "libtasn1-devel-32bit-4.17.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-tools-4.17.0-1.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64" }, "product_reference": "libtasn1-tools-4.17.0-1.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-tools-4.17.0-1.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le" }, "product_reference": "libtasn1-tools-4.17.0-1.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-tools-4.17.0-1.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x" }, "product_reference": "libtasn1-tools-4.17.0-1.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libtasn1-tools-4.17.0-1.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" }, "product_reference": "libtasn1-tools-4.17.0-1.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1000654", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000654" } ], "notes": [ { "category": "general", "text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000654", "url": "https://www.suse.com/security/cve/CVE-2018-1000654" }, { "category": "external", "summary": "SUSE Bug 1105435 for CVE-2018-1000654", "url": "https://bugzilla.suse.com/1105435" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000654" }, { "cve": "CVE-2018-6003", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-6003" } ], "notes": [ { "category": "general", "text": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-6003", "url": "https://www.suse.com/security/cve/CVE-2018-6003" }, { "category": "external", "summary": "SUSE Bug 1076832 for CVE-2018-6003", "url": "https://bugzilla.suse.com/1076832" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-6-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-32bit-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-devel-4.17.0-1.2.x86_64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.aarch64", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.ppc64le", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.s390x", "openSUSE Tumbleweed:libtasn1-tools-4.17.0-1.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2018-6003" } ] }
ghsa-g69v-w5wh-rhwv
Vulnerability from github
Published
2022-05-13 01:11
Modified
2022-05-13 01:11
Severity ?
VLAI Severity ?
Details
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
{ "affected": [], "aliases": [ "CVE-2018-1000654" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-08-20T19:31:00Z", "severity": "HIGH" }, "details": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "id": "GHSA-g69v-w5wh-rhwv", "modified": "2022-05-13T01:11:38Z", "published": "2022-05-13T01:11:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000654" }, { "type": "WEB", "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105151" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
fkie_cve-2018-1000654
Vulnerability from fkie_nvd
Published
2018-08-20 19:31
Modified
2024-11-21 03:40
Severity ?
Summary
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/105151 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://gitlab.com/gnutls/libtasn1/issues/4 | Exploit, Third Party Advisory | |
cve@mitre.org | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105151 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/libtasn1/issues/4 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:libtasn1:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "B0DFAFB0-18FA-48C9-A7D0-8AE3DC3B3F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "E261FB67-8C77-4789-B340-C1DF940ADDAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file." }, { "lang": "es", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegaci\u00f3n de servicio (DoS). De manera espec\u00edfica, el uso de recursos de CPU llega al 100% cuando se ejecuta asn1Paser contra el POC debido a que existe un problema en _asn1_expand_object_id(p_tree) en el que, despu\u00e9s de un per\u00edodo largo de tiempo, el programa se bloquea y se cierra. Este ataque parece ser explotable mediante el an\u00e1lisis sint\u00e1ctico de un archivo manipulado." } ], "id": "CVE-2018-1000654", "lastModified": "2024-11-21T03:40:20.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-20T19:31:44.870", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105151" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2018-1000654
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "id": "GSD-2018-1000654", "references": [ "https://www.suse.com/security/cve/CVE-2018-1000654.html", "https://advisories.mageia.org/CVE-2018-1000654.html", "https://ubuntu.com/security/CVE-2018-1000654" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-1000654" ], "details": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "id": "GSD-2018-1000654", "modified": "2023-12-13T01:22:27.810372Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-19T17:09:33.126155", "DATE_REQUESTED": "2018-08-12T23:08:51", "ID": "CVE-2018-1000654", "REQUESTER": "situlingyun@gmail.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/libtasn1/issues/4", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "name": "105151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105151" }, { "name": "openSUSE-SU-2019:1498", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnu:libtasn1:4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:libtasn1:4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-1000654" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/libtasn1/issues/4", "refsource": "CONFIRM", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/libtasn1/issues/4" }, { "name": "105151", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105151" }, { "name": "openSUSE-SU-2019:1498", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html" }, { "name": "openSUSE-SU-2019:1510", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } }, "lastModifiedDate": "2021-02-25T17:15Z", "publishedDate": "2018-08-20T19:31Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…