| Summary: | libtasn1 new security issues CVE-2014-346[7-9] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/601142/ | ||
| Whiteboard: | MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok | ||
| Source RPM: | libtasn1-3.4-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-05-30 17:08:38 CEST
David Walser
2014-05-30 17:08:43 CEST
Whiteboard:
(none) =>
MGA3TOO Procedure: https://bugs.mageia.org/show_bug.cgi?id=5128#c10 Testing complete mga4 64 The two test files are below.. $ cat pkix.asn PKIX1 { } DEFINITIONS IMPLICIT TAGS ::= BEGIN Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } END $ cat assign.asn1 dp PKIX1.Dss-Sig-Value r 42 s 47 Testing with commands from libtasn1-tools.. $ asn1Coding pkix.asn assign.asn1 Parse: done. var=dp, value=PKIX1.Dss-Sig-Value var=r, value=42 var=s, value=47 name:NULL type:SEQUENCE name:r type:INTEGER value:0x2a name:s type:INTEGER value:0x2f Coding: SUCCESS ----------------- Number of bytes=8 30 06 02 01 2a 02 01 2f ----------------- OutputFile=assign.out Writing: done. $ asn1Parser pkix.asn Done. $ asn1Decoding pkix.asn assign.out PKIX1.Dss-Sig-Value Parse: done. Decoding: SUCCESS DECODING RESULT: name:NULL type:SEQUENCE name:r type:INTEGER value:0x2a name:s type:INTEGER value:0x2f Whiteboard:
MGA3TOO =>
MGA3TOO has_procedure mga4-64-ok Tested using Claire's testing procedure from: https://bugs.mageia.org/show_bug.cgi?id=5128#c10 With Mageia 4 i586 I got the same results she got in the previous test. Also got the same results testing Mageia 3 i586. Testing complete mga3 32 too Whiteboard:
MGA3TOO has_procedure mga4-64-ok =>
MGA3TOO has_procedure mga3-32-ok mga4-32-ok mga4-64-ok Testing complete mga3 64 Whiteboard:
MGA3TOO has_procedure mga3-32-ok mga4-32-ok mga4-64-ok =>
MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks Whiteboard:
MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok =>
MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
claire robinson
2014-06-02 15:13:09 CEST
Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2014-0247.html Status:
NEW =>
RESOLVED
David Walser
2014-06-03 18:41:45 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/601142/ |