[security-alerts] FW: [SA18794] GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA18794
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18794/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> GnuTLS 1.x
> http://secunia.com/product/3748/
> GnuTLS libtasn1 Tiny ASN.1 library 0.x
> http://secunia.com/product/7952/
> 
> DESCRIPTION:
> Evgeny Legerov has reported some vulnerabilities in GnuTLS libtasn1,
> which potentially can be exploited by malicious people to cause a DoS
> (Denial of Service).
> 
> The vulnerabilities are caused due to errors within the DER decoder
> in libtasn1. This can be exploited to crash an application that uses
> the library via specially-crafted input.
> 
> The vulnerabilities have been reported in libtasn1 prior to 0.2.18
> and in GnuTLS prior to 1.2.10.
> 
> SOLUTION:
> Update to the fixed versions.
> http://www.gnu.org/software/gnutls/download.html
> 
> Libtasn1:
> Update to version 0.2.18.
> 
> GnuTLS:
> Update to version 1.2.10.
> 
> The vulnerabilities have also been fixed in GnuTLS version 1.3.4
> (experimental).
> 
> PROVIDED AND/OR DISCOVERED BY:
> Evgeny Legerov, GLEG Ltd.
> 
> ORIGINAL ADVISORY:
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html
> 
>