CVE-2014-3467

Publication date 5 June 2014

Last updated 24 July 2024

Ubuntu priority

Description

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libtasn1-3	14.04 LTS trusty	Not in release
	13.10 saucy	Ignored end of life
	12.04 LTS precise	Fixed 2.10-1ubuntu1.2
	10.04 LTS lucid	Fixed 2.4-1ubuntu0.2
libtasn1-6	14.04 LTS trusty	Fixed 3.4-3ubuntu0.1
	13.10 saucy	Ignored end of life
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libtasn1-6	Upstream: ?id=ff3 Upstream: ?id=b32 Upstream: ?id=0e8 Upstream: ?id=154 Upstream: ?id=eb8 Upstream: ?id=25d Upstream: ?id=37a Upstream: ?id=df4 Upstream: ?id=cc1 Upstream: ?id=609 Upstream: ?id=6fe Upstream: ?id=af0 Upstream: ?id=925 Upstream: ?id=f24 Upstream: ?id=516 Upstream: ?id=02d Upstream: ?id=44a Upstream: ?id=539 Upstream: ?id=045 Upstream: ?id=f09 Upstream: ?id=6cd

References

Related Ubuntu Security Notices (USN)

USN-2294-1
Libtasn1 vulnerabilities
22 July 2014