| Summary: | libtasn1 new security issue CVE-2017-6891 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | herman.viaene, lewyssmith, mageia, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | | |
| Source RPM: | libtasn1-4.2-4.1.mga5.src.rpm | CVE: | CVE-2017-6891 |
| Status comment: | | | |
Description
David Walser
2017-05-25 01:57:39 CEST
David Walser
2017-05-25 01:57:46 CEST
Whiteboard: (none) => MGA5TOO

Fixed on cauldron

CVE: (none) => CVE-2017-6891

Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs

pushed in updates_testing:

src.rpm:
libtasn1-4.2-4.2.mga5

Assignee: pkg-bugs => qa-bugs

Advisory:
========================

Updated libtasn1 packages fix security vulnerability:

Jakub Jirasek of Secunia Research discovered that libtasn1 did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file (CVE-2017-6891).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
https://www.debian.org/security/2017/dsa-3861
========================

Updated packages in core/updates_testing:
========================
libtasn1_6-4.2-4.2.mga5
libtasn1-tools-4.2-4.2.mga5
libtasn1-devel-4.2-4.2.mga5

libtasn1-4.2-4.2.mga5.src.rpm

MGA5-32 on Asus A6000VM Xfce
No installation issues.
Found bug 5128 Comment 10 as test procedure (tx Claire) and found same results

    $ asn1Coding pkix.asn assign.asn1
    Parse: done.
    var=dp, value=PKIX1.Dss-Sig-Value
    var=r, value=42
    var=s, value=47
    name:NULL type:SEQUENCE
      name:r type:INTEGER value:0x2a
      name:s type:INTEGER value:0x2f
    Coding: SUCCESS
    -----------------
    Number of bytes=8
    30 06 02 01 2a 02 01 2f
    -----------------
    OutputFile=assign.out

checked output file OK

    Writing: done.
    $ asn1Parser pkix.asn
    Done.

checked output file OK

    $ asn1Decoding pkix.asn assign.out PKIX1.Dss-Sig-Value
    Parse: done.
    Decoding: SUCCESS
    DECODING RESULT:
    name:NULL type:SEQUENCE
      name:r type:INTEGER value:0x2a
      name:s type:INTEGER value:0x2f

CC: (none) => herman.viaene

Testing M5 x64

BEFORE the update:
lib64tasn1_6-4.2-4.1.mga5
libtasn1-tools-4.2-4.1.mga5

Ran the test procedure as per:
https://bugs.mageia.org/show_bug.cgi?id=5128#c10
(thank you Herman, & Claire originally) which starts by you creating 2 example files 'pkix.asn' & 'assign.asn1' as given in:
http://www.gnu.org/software/libtasn1/manual/html_node/Invoking-asn1Coding.html
All went as indicated.

1.

    asn1Coding pkix.asn assign.asn1
    Parse: done.
    var=dp, value=PKIX1.Dss-Sig-Value
    var=r, value=42
    var=s, value=47
    name:NULL type:SEQUENCE
      name:r type:INTEGER value:0x2a
      name:s type:INTEGER value:0x2f
    Coding: SUCCESS
    -----------------
    Number of bytes=8
    30 06 02 01 2a 02 01 2f
    -----------------
    OutputFile=assign.out
    Writing: done.

2.

    $ asn1Parser pkix.asn
    Done.

Generates pkix_asn1_tab.c

    $ cat pkix_asn1_tab.c
    #if HAVE_CONFIG_H
    # include "config.h"
    #endif

    #include <libtasn1.h>

    const asn1_static_node pkix_asn1_tab[] = {
      { "PKIX1", 536875024, NULL },
      { NULL, 1073741836, NULL },
      { "Dss-Sig-Value", 536870917, NULL },
      { "r", 1073741827, NULL },
      { "s", 3, NULL },
      { NULL, 0, NULL }
    };

3.

    $ asn1Decoding pkix.asn assign.out PKIX1.Dss-Sig-Value
    Parse: done.
    Decoding: SUCCESS
    DECODING RESULT:
    name:NULL type:SEQUENCE
      name:r type:INTEGER value:0x2a
      name:s type:INTEGER value:0x2f

---------------------------------
AFTER the update to:
lib64tasn1_6-4.2-4.2.mga5
libtasn1-tools-4.2-4.2.mga5

All results were identical to before. Update OK.
Validating. Advisory to follow.

Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK

Lewis Smith
2017-06-06 21:41:22 CEST
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0159.html

Resolution: (none) => FIXED