CVE-2017-6891

Priority
Medium
Description
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within
GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based
buffer overflow by tricking a user into processing a specially crafted
assignments file via the e.g. asn1Coding utility.
References
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.10-1.1)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.10-1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.4-3ubuntu0.5)
Ubuntu Touch 15.04:ignored (reached end-of-life)
Ubuntu Core 15.04:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (4.7-3ubuntu0.16.04.2)
Ubuntu 16.10 (Yakkety Yak):released (4.9-4ubuntu0.1)
Ubuntu 17.04 (Zesty Zapus):released (4.10-1ubuntu0.1)
Patches:
Upstream:https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484
More Information

Updated: 2017-06-15 16:17:10 UTC (commit 12747)