Thursday, February 20, 2025

[USN-7275-2] Libtasn1 vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAme3xBMFAwAAAAAACgkQyfW2m9Ldu6vk
/BAAhLLSIBQr7G1qjDF5J8ScGg10OZeS6sTJPQT/0MulB4MOB8mVzXlGaPv/Owf/N/xgcbVHJsoT
v60V871clH7M2QlG7VRhuW95BwP8LBHoyz5AY8hpOonqEfZKwTyEPl3elQ88RCde8gktQY6p62Fw
od6Qkq1VODZCNd/ZxFNBFokJ7luif/G8toO8nu58cBWF6XQcEFsbCqEp+S5TM+gWxrmx40ymGifh
w1ffDyGevSSTLSGmtwQxoYGmGAPFa/qiOcmeKVUlrdeJeNSaBXXN4O8ejlySb7HUaqj6BI63/gdq
HtwIKdj0LEJo/ZymOgy0uwpEMj9ZIXS0rbAchFgyjNE6ElFZaviXDQ0GGZsBLPJ3t9u4/5T0B9Ca
2tqeWbIulGvFKZoWyafM5jM9lkJa/c4ny2BLe4PJq62yxL0pVgrBjIXY+lXEyF/ID9BU+UVPocDr
tKkDq8vqaGHjh0k6IFWj9D02TdbufWAdRGqKiHbYX8EhYeUUUDBUBVbEts2e+lVLtZs7W2bpgLZu
o4/a2mPKu+WW8scirZVqmk38a7tRuh7lNhkVdWOgxGHN8opF8Lj3HjwDimfDjSY+o4bpR3miKhPl
6NFjxGHXIVLMcaiaLYoWiwWE0hWR40QG+lR/5YIz2ohScF/EGvFXF36darE1IlvTdIeb6W76xSkm
jkA=
=cEGW
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7275-2
February 20, 2025

libtasn1-6 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Libtasn1 could be made to crash if it received specially crafted network
traffic.

Software Description:
- libtasn1-6: Library to manage ASN.1 structures

Details:

USN-7275-1 fixed vulnerabilities in Libtasn1. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

 Bing Shi discovered that Libtasn1 inefficiently handled certificates. An
 attacker could possibly use this issue to increase resource utilization
 leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libtasn1-6                      4.19.0-3ubuntu0.24.04.1
  libtasn1-bin                    4.19.0-3ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7275-2
  https://ubuntu.com/security/notices/USN-7275-1
  CVE-2024-12133

Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/4.19.0-3ubuntu0.24.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)