ID de Prueba:	1.3.6.1.4.1.25623.1.0.871853
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for libtasn1 RHSA-2017:1860-01
Resumen:	The remote host is missing an update for the 'libtasn1'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtasn1' package(s) announced via the referenced advisory. Vulnerability Insight: Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions. The following packages have been upgraded to a later upstream version: libtasn1 (4.10). (BZ#1360639) Security Fix(es): * A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash. (CVE-2015-3622) * A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. (CVE-2015-2806) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Affected Software/OS: libtasn1 on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2806 BugTraq ID: 73436 http://www.securityfocus.com/bid/73436 Debian Security Information: DSA-3220 (Google Search) http://www.debian.org/security/2015/dsa-3220 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html https://security.gentoo.org/glsa/201509-04 http://www.mandriva.com/security/advisories?name=MDVSA-2015:193 http://www.openwall.com/lists/oss-security/2015/03/29/4 http://www.openwall.com/lists/oss-security/2015/03/31/2 RedHat Security Advisories: RHSA-2017:1860 https://access.redhat.com/errata/RHSA-2017:1860 http://www.securitytracker.com/id/1032080 http://www.ubuntu.com/usn/USN-2559-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3622 BugTraq ID: 74419 http://www.securityfocus.com/bid/74419 Debian Security Information: DSA-3256 (Google Search) http://www.debian.org/security/2015/dsa-3256 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html http://seclists.org/fulldisclosure/2015/Apr/109 http://www.mandriva.com/security/advisories?name=MDVSA-2015:232 http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html http://www.securitytracker.com/id/1032246 SuSE Security Announcement: openSUSE-SU-2015:1372 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html SuSE Security Announcement: openSUSE-SU-2016:1567 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:1674 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html http://www.ubuntu.com/usn/USN-2604-1
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.