CVE-2017-6891

Priority
Medium
Description
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within
GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based
buffer overflow by tricking a user into processing a specially crafted
assignments file via the e.g. asn1Coding utility.
References
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (2.10-1ubuntu1.6)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.10-1.1)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.10-1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.4-3ubuntu0.5)
Ubuntu Core 15.04:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (4.7-3ubuntu0.16.04.2)
Ubuntu 17.04 (Zesty Zapus):released (4.10-1ubuntu0.1)
Patches:
Upstream:https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484
More Information

Updated: 2017-08-11 23:26:13 UTC (commit 13081)