==========================================================================
Ubuntu Security Notice USN-2294-1
July 22, 2014

libtasn1-3, libtasn1-6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Libtasn1 could be made to crash or run programs as your login if it
processed specially crafted data.

Software Description:
– libtasn1-6: Library to manage ASN.1 structures
– libtasn1-3: Library to manage ASN.1 structures

Details:

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data
structures. An attacker could exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service. (CVE-2014-3467)

It was discovered that Libtasn1 incorrectly handled negative bit lengths.
An attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2014-3468)

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data. An
attacker could exploit this with specially crafted ASN.1 data and cause
applications using Libtasn1 to crash, resulting in a denial of service.
(CVE-2014-3469)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libtasn1-6 3.4-3ubuntu0.1

Ubuntu 12.04 LTS:
libtasn1-3 2.10-1ubuntu1.2

Ubuntu 10.04 LTS:
libtasn1-3 2.4-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2294-1
CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Package Information:
https://launchpad.net/ubuntu/+source/libtasn1-6/3.4-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.2
https://launchpad.net/ubuntu/+source/libtasn1-3/2.4-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTzqiWAAoJEGVp2FWnRL6T4x8P/0LfeyDSeuUKDK4eRRAuLgGk
4XxMn9rvo0sANj62EVJoqCUkNV6mo+jAzT6ySTfc023gMbMpn+D/X2ovVlqAHVqb
pm/Iaqd5EFrgmWjrsjPHla1ngrw4O1PVzs7F3WeCwGJWn7S/QAt7wfZK3i/yWNTZ
5RQHWACd+nXnAVtwhU38HUKtnjJD/5i4aqFXsmC2bV0gd7HdeW4MDUuuALlDpEIV
5NyebN27yOgBhHGSi1VtDPcjWcwst++xJ/rRtHxxbOTOJO9pHidXphcHbdjaYvuS
YzwXGAQmqoF+R4yQBz9lEc9ob0TWyKdH3kTo9eRlu2F46SuXpESSotn6pYmztKCc
ewdfPfn6SeHAqmdESqRQj7tVP2DOh16+Wd8dNrFTYZJCaSwO8lIupozaJMfmHYyh
i1EMfz3iJeiL+O8e/iHvz4NjkAPnpt5mjxhM6+2U0aQ0/pE0wcmEJCoi2m8VNqfy
Zm8nATz2qxvmuCGch7sVDaRONEdI7QVyEvWNd5xQgC7ElH5d1hIiDiSQqjEDszGU
o7pFo0K1BL7GABnT3QLPLBz/r2SB1yNhfqMEVnrvKFQK6EO+v4MNYpA9SP9EDZF3
1HXkaYS3kykNuNvuUxpRZxXYns7BlJ2Nfv/SohKjxyjvRSDtuoezrNRDbhReq/Mf
sQWpgj9NSyK+YIPqOPvi
=OLjG
—–END PGP SIGNATURE—–
—