Lucene search

K
hpHP, HP Product Security Response Team (PSRT)HP:C05158555
HistoryJun 01, 2016 - 12:00 a.m.

HPSBHF3548 rev.2 - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER files

2016-06-0100:00:00
HP, HP Product Security Response Team (PSRT)
support.hp.com
16

0.0004 Low

EPSS

Percentile

10.1%

Potential Security Impact

System downtime, or privilege escalation.

**Source:**HP, HP Product Security Response Team (PSRT)

Reported by: HP

VULNERABILITY SUMMARY

A flaw was found in the way the Linux kernel’s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate his or her privileges on the system.

RESOLUTION

HP has released the following software updates to resolve the vulnerability. Patches for the affected version of HP ThinPro can be found through the links below: