Bug 34957 - libtasn1 new security issue CVE-2025-13151
Summary: libtasn1 new security issue CVE-2025-13151
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-01-09 08:23 CET by Nicolas Salguero
Modified: 2026-01-12 19:43 CET

See Also:
Source RPM: libtasn1-4.20.0-1.mga9.src.rpm
CVE: CVE-2025-13151
Status comment:
j.alberto.vc: test_passed_mga9_64+


Description Nicolas Salguero 2026-01-09 08:23:37 CET
Reference:
https://www.openwall.com/lists/oss-security/2026/01/08/5
Nicolas Salguero 2026-01-09 08:24:22 CET

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-13151
Flags: (none) => affects_mga9+
Status comment: (none) => Fixed upstream in 4.21.0
Source RPM: (none) => libtasn1-4.20.0-2.mga10.src.rpm, libtasn1-4.20.0-1.mga9.src.rpm

Comment 1 Nicolas Salguero 2026-01-09 08:51:10 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expand_octet_string. (CVE-2025-13151)

References:
https://www.openwall.com/lists/oss-security/2026/01/08/5
========================

Updated packages in core/updates_testing:
========================
lib(64)tasn1_6-4.21.0-1.mga9
lib(64)tasn1-devel-4.21.0-1.mga9
libtasn1-tools-4.21.0-1.mga9

from SRPM:
libtasn1-4.21.0-1.mga9.src.rpm

Status comment: Fixed upstream in 4.21.0 => (none)
Flags: affects_mga9+ => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
Source RPM: libtasn1-4.20.0-2.mga10.src.rpm, libtasn1-4.20.0-1.mga9.src.rpm => libtasn1-4.20.0-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)

Nicolas Salguero 2026-01-09 10:27:58 CET

Assignee: bugsquad => qa-bugs

katnatek 2026-01-09 22:38:34 CET

Keywords: (none) => advisory

Comment 2 katnatek 2026-01-10 03:05:57 CET
RH x86_64

installing lib64tasn1_6-4.21.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     #####################################################################################
      1/1: lib64tasn1_6          #####################################################################################
      1/1: removing lib64tasn1_6-4.20.0-1.mga9.x86_64
                                 #####################################################################################

strace gnome-boxes shows

openat(AT_FDCWD, "/usr/lib64/libtasn1.so.6", O_RDONLY|O_CLOEXEC) = 3

Flags: (none) => test_passed_mga9_64+

Comment 3 Herman Viaene 2026-01-10 17:25:49 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 31039 Comment 6.
Muddled a bit around in Blender, creating and moving some objects around. It's a job way over my head, but it looks OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 4 Thomas Andrews 2026-01-12 00:39:41 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2026-01-12 19:43:14 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0007.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

