Oval Definition:oval:com.redhat.rhsa:def:20171860
Revision Date:2017-08-01Version:640
Title:RHSA-2017:1860: libtasn1 security, bug fix, and enhancement update (Moderate)
Description:Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

  • The following packages have been upgraded to a later upstream version: libtasn1 (4.10). (BZ#1360639)

    Security Fix(es):

  • A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash. (CVE-2015-3622)

  • A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. (CVE-2015-2806)

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-2806
    CVE-2015-3622
    RHSA-2017:1860
    RHSA-2017:1860-01
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libtasn1 is earlier than 0:4.10-1.el7
  • AND libtasn1 is signed with Red Hat redhatrelease2 key
  • libtasn1-devel is earlier than 0:4.10-1.el7
  • AND libtasn1-devel is signed with Red Hat redhatrelease2 key
  • libtasn1-tools is earlier than 0:4.10-1.el7
  • AND libtasn1-tools is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND Package Information
  • libtasn1-tools is earlier than 0:4.10-1.el7
  • AND libtasn1-tools is signed with Red Hat redhatrelease2 key
  • OR
  • libtasn1-devel is earlier than 0:4.10-1.el7
  • AND libtasn1-devel is signed with Red Hat redhatrelease2 key
  • OR
  • libtasn1 is earlier than 0:4.10-1.el7
  • AND libtasn1 is signed with Red Hat redhatrelease2 key
    • BACK