Bug 20931 - libtasn1 new security issue CVE-2017-6891
Summary: libtasn1 new security issue CVE-2017-6891
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-05-25 01:57 CEST by David Walser
Modified: 2017-06-08 23:40 CEST

See Also:
Source RPM: libtasn1-4.2-4.1.mga5.src.rpm
CVE: CVE-2017-6891
Status comment:



Description David Walser 2017-05-25 01:57:39 CEST
Debian has issued an advisory today (May 24):
https://www.debian.org/security/2017/dsa-3861

The Debian bug has a link to the upstream commit to fix the issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186

Mageia 5 is also affected.

David Walser 2017-05-25 01:57:46 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Nicolas Lécureuil 2017-05-26 08:47:31 CEST
Fixed on cauldron

CVE: (none) => CVE-2017-6891
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
CC: (none) => mageia

Comment 2 Marja Van Waes 2017-05-28 06:08:29 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 3 Nicolas Lécureuil 2017-06-01 23:34:47 CEST
pushed in updates_testing:

src.rpm:   libtasn1-4.2-4.2.mga5

Assignee: pkg-bugs => qa-bugs

Comment 4 David Walser 2017-06-02 03:07:07 CEST
Advisory:
========================

Updated libtasn1 packages fix security vulnerability:

Jakub Jirasek of Secunia Research discovered that libtasn1 did not properly
validate its input. This would allow an attacker to cause a crash by
denial-of-service, or potentially execute arbitrary code, by tricking a user
into processing a maliciously crafted assignments file (CVE-2017-6891).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
https://www.debian.org/security/2017/dsa-3861
========================

Updated packages in core/updates_testing:
========================
libtasn1_6-4.2-4.2.mga5
libtasn1-tools-4.2-4.2.mga5
libtasn1-devel-4.2-4.2.mga5

libtasn1-4.2-4.2.mga5.src.rpm

Comment 5 Herman Viaene 2017-06-03 14:06:09 CEST
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Found bug 5128 Comment 10 as test procedure (tx Claire) and found same results
$ asn1Coding pkix.asn assign.asn1
Parse: done.

var=dp, value=PKIX1.Dss-Sig-Value
var=r, value=42
var=s, value=47

name:NULL  type:SEQUENCE
  name:r  type:INTEGER  value:0x2a
  name:s  type:INTEGER  value:0x2f

Coding: SUCCESS

-----------------
Number of bytes=8
30 06 02 01 2a 02 01 2f 
-----------------

OutputFile=assign.out

checked output file OK
Writing: done.
$ asn1Parser pkix.asn
Done.
checked output file OK
$ asn1Decoding pkix.asn assign.out PKIX1.Dss-Sig-Value
Parse: done.

Decoding: SUCCESS

DECODING RESULT:
name:NULL  type:SEQUENCE
  name:r  type:INTEGER  value:0x2a
  name:s  type:INTEGER  value:0x2f

CC: (none) => herman.viaene
Whiteboard: (none) => MGA5-32-OK

Comment 6 Lewis Smith 2017-06-06 21:35:21 CEST
Testing M5 x64

BEFORE the update:
 lib64tasn1_6-4.2-4.1.mga5
 libtasn1-tools-4.2-4.1.mga5
Ran the test procedure as per: https://bugs.mageia.org/show_bug.cgi?id=5128#c10 (thank you Herman, & Claire originally) which starts by you creating 2 example files 'pkix.asn' & 'assign.asn1' as given in:
http://www.gnu.org/software/libtasn1/manual/html_node/Invoking-asn1Coding.html
All went as indicated.

1. asn1Coding pkix.asn assign.asn1
Parse: done.

var=dp, value=PKIX1.Dss-Sig-Value
var=r, value=42
var=s, value=47

name:NULL  type:SEQUENCE
  name:r  type:INTEGER  value:0x2a
  name:s  type:INTEGER  value:0x2f

Coding: SUCCESS

-----------------
Number of bytes=8
30 06 02 01 2a 02 01 2f 
-----------------

OutputFile=assign.out

Writing: done.

2. $ asn1Parser pkix.asn
Done.

Generates pkix_asn1_tab.c
 $ cat pkix_asn1_tab.c
#if HAVE_CONFIG_H
# include "config.h"
#endif

#include <libtasn1.h>

const asn1_static_node pkix_asn1_tab[] = {
  { "PKIX1", 536875024, NULL },
  { NULL, 1073741836, NULL },
  { "Dss-Sig-Value", 536870917, NULL },
  { "r", 1073741827, NULL },
  { "s", 3, NULL },
  { NULL, 0, NULL }
};

3. $ asn1Decoding pkix.asn assign.out PKIX1.Dss-Sig-Value
Parse: done.

Decoding: SUCCESS

DECODING RESULT:
name:NULL  type:SEQUENCE
  name:r  type:INTEGER  value:0x2a
  name:s  type:INTEGER  value:0x2f
---------------------------------
AFTER the update to:
 lib64tasn1_6-4.2-4.2.mga5
 libtasn1-tools-4.2-4.2.mga5

All results were identical to before.
Update OK. Validating. Advisory to follow.

Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
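
Added example, not part of the bug report or of libtasn1: a strict DER decoder for Dss-Sig-Value that independently checks the 8 bytes asn1Coding printed in the test runs above and shows how malformed lengths are refused. The function names are hypothetical, and the block does not reproduce CVE-2017-6891, which the advisory ties to the assignments-file input rather than to DER data.

```python
# Added example: strict DER decoding of Dss-Sig-Value ::= SEQUENCE { r, s }.
# QA_BYTES is the hex dump asn1Coding prints in the comments above.
QA_BYTES = bytes.fromhex("30 06 02 01 2a 02 01 2f")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject lengths that leave the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of input")
    return tag, buf[pos:pos + length], pos + length


def decode_integer(value):
    """Decode a minimally encoded two's-complement INTEGER body."""
    redundant = len(value) > 1 and (
        (value[0] == 0x00 and value[1] < 0x80)
        or (value[0] == 0xFF and value[1] >= 0x80)
    )
    if not value or redundant:
        raise ValueError("empty or non-minimal INTEGER")
    return int.from_bytes(value, "big", signed=True)


def decode_dss_sig_value(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE and no trailing bytes")
    fields, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(decode_integer(value))
    if len(fields) != 2:
        raise ValueError("expected exactly r and s")
    return {"r": fields[0], "s": fields[1]}
```

Calling `decode_dss_sig_value(QA_BYTES)` returns r=42 and s=47, matching the asn1Decoding result shown in the comments.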

Lewis Smith 2017-06-06 21:41:22 CEST

Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory

Comment 7 Mageia Robot 2017-06-08 23:40:41 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0159.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

