FEDORA-EPEL-2017-776e20faa7 created by mooninite 2 years ago for Fedora EPEL 7
stable

Noteworthy changes in release 4.11 (released 2017-05-27) [stable]

  • Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields.
  • Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. It was introduced to tolerate invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields.
  • Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that exploiting this requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer-assigned variable names. Reported by Jakub Jirasek.

Noteworthy changes in release 4.10 (released 2017-01-16) [stable]

This update has been submitted for testing by mooninite.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by mooninite.

2 years ago

This update has been pushed to stable.

2 years ago

Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -2
Stable by Karma: 1
Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago

BZ#1218144 CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [epel-7]
BZ#1325970 CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [epel-7]
BZ#1456766 CVE-2017-6891 mingw-libtasn1: libtasn1: Stack-based buffer overflow in asn1_find_node() [epel-7]
