Bug 880735 (CVE-2014-3468)

Summary: VUL-0: CVE-2014-3468: libtasn1: asn1_get_bit_der() can return negative bit length
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: meissner, smash_bz, sreeves
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/99192/
Whiteboard: maint:running:57609:important maint:released:sle11-sp1:58293 maint:released:sle11-sp3:58294
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Johannes Segitz 2014-05-30 12:18:49 UTC
asn1_get_bit_der() can return negative bit length upon parsing ASN.1 input. This could lead to several problems in the code that assumes a correct and positive length count.

Fixed upstream in libtasn1 3.6:
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html

Please submit for SLES 11-SP3, SLES 12, openSUSE 12.3 and openSUSE 13.1.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1102323
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
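
A stand-alone illustration of the failure mode described above, added here and not taken from libtasn1 or its upstream fix. It assumes the bit count of a DER BIT STRING is computed as (content octets - 1) * 8 minus the leading unused-bits octet; the function names, return codes and sample bytes are hypothetical and constructed for the example, and only short-form lengths are handled.

```c
#include <stdio.h>
#define BITSTR_OK     0
#define BITSTR_ERROR (-1)

/* Hypothetical helpers (not libtasn1 API). Input starts at the length octet
 * of a DER BIT STRING; only short-form lengths (< 128) are handled. */
/* Trusts the unused-bits octet, so *bit_len can come out negative. */
static int bit_len_unchecked(const unsigned char *der, int der_len, int *bit_len)
{
    if (der_len < 2 || (der[0] & 0x80))
        return BITSTR_ERROR;
    int content = der[0];            /* content octets, incl. unused-bits octet */
    if (content < 1 || content > der_len - 1)
        return BITSTR_ERROR;
    *bit_len = (content - 1) * 8 - der[1];
    return BITSTR_OK;
}

/* Rejects encodings whose unused-bits octet cannot describe the data. */
static int bit_len_checked(const unsigned char *der, int der_len, int *bit_len)
{
    if (der_len < 2 || (der[0] & 0x80))
        return BITSTR_ERROR;
    int content = der[0], unused = der[1];
    if (content < 1 || content > der_len - 1)
        return BITSTR_ERROR;
    if (unused > 7 || (content == 1 && unused != 0))
        return BITSTR_ERROR;         /* DER allows 0..7, and 0 for an empty string */
    *bit_len = (content - 1) * 8 - unused;
    return BITSTR_OK;
}

/* Constructed sample encodings (length octet, unused-bits octet, data). */
static const unsigned char sample_valid[] = { 0x02, 0x03, 0xA8 }; /* 5 bits */
static const unsigned char sample_empty[] = { 0x01, 0x07 };       /* no data octets */
static const unsigned char sample_over[]  = { 0x02, 0x09, 0xFF }; /* unused > 7 */

int main(void)
{
    const unsigned char *s[] = { sample_valid, sample_empty, sample_over };
    const int len[] = { 3, 2, 3 };
    for (int i = 0; i < 3; i++) {
        int u = 0, c = 0;
        int ru = bit_len_unchecked(s[i], len[i], &u);
        int rc = bit_len_checked(s[i], len[i], &c);
        printf("sample %d: unchecked rc=%d bits=%d, checked rc=%d\n", i, ru, u, rc);
    }
    return 0;
}
```

A caller that uses the unchecked result as a size or loop bound inherits the negative value, which is why the check belongs in the decoder rather than in each caller.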
Comment 1 Marcus Schaefer 2014-05-30 12:26:58 UTC
I'm not and never was responsible for this library, even though some stupid maintainer tool might have told you that. Please refer to the package changelog and find the one who really contributes to it.

Thanks
Comment 2 Swamp Workflow Management 2014-05-30 12:36:04 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57609
Comment 3 SMASH SMASH 2014-05-30 12:40:13 UTC
Affected packages:

SLE-11-SP3: libtasn1
Comment 4 Swamp Workflow Management 2014-05-30 22:00:28 UTC
bugbot adjusting priority
Comment 5 Swamp Workflow Management 2014-06-02 10:15:39 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57618
Comment 6 Bernhard Wiedemann 2014-06-03 10:00:19 UTC
This is an autogenerated message for OBS integration:
This bug (880735) was mentioned in
https://build.opensuse.org/request/show/236130 Factory / libtasn1
Comment 9 Scott Reeves 2014-06-16 22:10:58 UTC
Fixes submitted for SLE 11, SLE 12, openSUSE 12.3 and openSUSE 13.1.

I would suggest waiting for the related submission for bnc#880737 before pushing.
Comment 10 Bernhard Wiedemann 2014-06-16 23:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (880735) was mentioned in
https://build.opensuse.org/request/show/237601 13.1 / libtasn1
https://build.opensuse.org/request/show/237602 12.3 / libtasn1
Comment 12 Swamp Workflow Management 2014-07-24 01:05:29 UTC
SUSE-SU-2014:0931-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 880735,880737,880738
CVE References: CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    libtasn1-1.5-1.28.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    libtasn1-1.5-1.28.1
SUSE Linux Enterprise Server 11 SP3 (src):    libtasn1-1.5-1.28.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    libtasn1-1.5-1.28.1
Comment 13 Bernhard Wiedemann 2014-07-26 09:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (880735) was mentioned in
https://build.opensuse.org/request/show/242449 Factory / libtasn1
Comment 15 Marcus Meissner 2014-07-30 11:56:09 UTC
released