{"id": "USN-1436-1", "bulletinFamily": "unix", "title": "Libtasn1 vulnerability", "description": "Matthew Hall discovered that Libtasn1 incorrectly handled certain large \nvalues. An attacker could exploit this with a specially crafted ASN.1 \nstructure and cause a denial of service, or possibly execute arbitrary \ncode.", "published": "2012-05-02T00:00:00", "modified": "2012-05-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://ubuntu.com/security/notices/USN-1436-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1569"], "cvelist": ["CVE-2012-1569"], "type": "ubuntu", "lastseen": "2020-07-02T11:42:00", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1569"]}, {"type": "amazon", "idList": ["ALAS-2012-060"]}, {"type": "fedora", "idList": ["FEDORA:B6DC621A4C", "FEDORA:C04F321A4E", "FEDORA:67F9F215DA", "FEDORA:47DA822972", "FEDORA:D52E221615", "FEDORA:5061E22977", "FEDORA:F248621418", "FEDORA:E6AB020DAB", "FEDORA:ABEC520592", "FEDORA:59B5221550"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864155", "OPENVAS:864155", "OPENVAS:831596", "OPENVAS:1361412562310840994", "OPENVAS:1361412562310864437", "OPENVAS:864343", "OPENVAS:864362", "OPENVAS:1361412562310831596", "OPENVAS:1361412562310864129", "OPENVAS:1361412562310864156"]}, {"type": "redhat", "idList": ["RHSA-2012:0428", "RHSA-2012:0488", "RHSA-2012:0531", "RHSA-2012:0427"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0596", "ELSA-2012-0427", "ELSA-2012-0428"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2012-0427.NASL", "FEDORA_2012-4308.NASL", "GENTOO_GLSA-201209-12.NASL", "FEDORA_2012-4451.NASL", "FEDORA_2012-4342.NASL", "SL_20120327_LIBTASN1_ON_SL6_X.NASL", "CENTOS_RHSA-2012-0427.NASL", "MANDRIVA_MDVSA-2012-039.NASL", "UBUNTU_USN-1436-1.NASL", "ALA_ALAS-2012-60.NASL"]}, {"type": "freebsd", "idList": ["2E7E9072-73A0-11E1-A883-001CC0A36E12"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12381", "SECURITYVULNS:DOC:28080"]}, {"type": "gentoo", "idList": ["GLSA-201209-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2440-1:828AA"]}, {"type": "centos", "idList": ["CESA-2012:0427", "CESA-2012:0428"]}, {"type": "slackware", "idList": ["SSA-2013-287-03"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0320-1"]}, {"type": "vmware", "idList": ["VMSA-2012-0013"]}], "modified": "2020-07-02T11:42:00", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-07-02T11:42:00", "rev": 2}, "vulnersScore": 7.6}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtasn1-3", "packageVersion": "2.7-1ubuntu1.1"}, {"OS": "Ubuntu", "OSVersion": "8.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtasn1-3", "packageVersion": "1.1-1ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtasn1-3", "packageVersion": "2.10-1ubuntu1.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtasn1-3", "packageVersion": "2.4-1ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtasn1-3", "packageVersion": "2.9-4ubuntu0.1"}], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:47:18", "description": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.", "edition": 5, "cvss3": {}, "published": "2012-03-26T19:55:00", "title": "CVE-2012-1569", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:gnu:gnutls:1.2.11", "cpe:/a:gnu:gnutls:1.0.16", "cpe:/a:gnu:gnutls:2.1.3", "cpe:/a:gnu:libtasn1:0.2.8", "cpe:/a:gnu:libtasn1:0.2.10", "cpe:/a:gnu:gnutls:1.7.19", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:gnutls:1.5.5", "cpe:/a:gnu:gnutls:1.0.25", "cpe:/a:gnu:gnutls:1.2.4", "cpe:/a:gnu:gnutls:1.7.10", "cpe:/a:gnu:gnutls:1.6.3", "cpe:/a:gnu:libtasn1:0.2.6", "cpe:/a:gnu:gnutls:1.6.0", "cpe:/a:gnu:gnutls:2.2.0", "cpe:/a:gnu:gnutls:1.1.23", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:1.7.6", "cpe:/a:gnu:libtasn1:1.7", "cpe:/a:gnu:gnutls:1.7.0", "cpe:/a:gnu:gnutls:2.1.7", "cpe:/a:gnu:gnutls:1.0.17", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.1.5", "cpe:/a:gnu:libtasn1:0.3.0", "cpe:/a:gnu:gnutls:2.1.2", "cpe:/a:gnu:gnutls:2.3.9", "cpe:/a:gnu:libtasn1:0.2.16", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:gnutls:1.3.0", "cpe:/a:gnu:gnutls:1.0.24", "cpe:/a:gnu:libtasn1:0.2.1", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:1.7.15", "cpe:/a:gnu:gnutls:1.1.15", "cpe:/a:gnu:gnutls:1.1.13", "cpe:/a:gnu:gnutls:1.6.2", "cpe:/a:gnu:gnutls:1.5.1", "cpe:/a:gnu:gnutls:2.5.0", "cpe:/a:gnu:libtasn1:0.2.15", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:1.0.20", "cpe:/a:gnu:libtasn1:0.3.10", "cpe:/a:gnu:libtasn1:2.5", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:1.3.3", "cpe:/a:gnu:libtasn1:1.0", "cpe:/a:gnu:gnutls:1.7.13", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:1.7.7", "cpe:/a:gnu:gnutls:1.2.8.1a1", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:1.4.2", "cpe:/a:gnu:gnutls:2.3.5", "cpe:/a:gnu:libtasn1:2.4", "cpe:/a:gnu:gnutls:2.1.4", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:2.0.0", "cpe:/a:gnu:libtasn1:0.3.7", "cpe:/a:gnu:libtasn1:2.1", "cpe:/a:gnu:gnutls:2.3.7", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.0.3", "cpe:/a:gnu:libtasn1:2.0", "cpe:/a:gnu:libtasn1:2.9", "cpe:/a:gnu:libtasn1:0.3.4", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:1.4.0", "cpe:/a:gnu:gnutls:1.4.3", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.12.6.1", "cpe:/a:gnu:libtasn1:0.2.11", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:1.2.7", "cpe:/a:gnu:gnutls:1.1.20", "cpe:/a:gnu:libtasn1:2.11", "cpe:/a:gnu:gnutls:1.2.2", "cpe:/a:gnu:gnutls:1.3.5", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:1.7.5", "cpe:/a:gnu:gnutls:2.2.3", "cpe:/a:gnu:libtasn1:0.2.13", "cpe:/a:gnu:gnutls:1.7.12", "cpe:/a:gnu:libtasn1:0.2.7", "cpe:/a:gnu:gnutls:1.0.23", "cpe:/a:gnu:gnutls:2.3.1", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:3.0.15", "cpe:/a:gnu:gnutls:1.7.18", "cpe:/a:gnu:gnutls:1.1.17", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:libtasn1:0.3.2", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:1.7.2", "cpe:/a:gnu:gnutls:1.5.3", "cpe:/a:gnu:gnutls:1.4.4", "cpe:/a:gnu:gnutls:2.3.0", "cpe:/a:gnu:libtasn1:2.10", "cpe:/a:gnu:gnutls:1.2.0", "cpe:/a:gnu:gnutls:2.3.3", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:libtasn1:0.3.9", "cpe:/a:gnu:gnutls:1.6.1", "cpe:/a:gnu:gnutls:1.7.17", "cpe:/a:gnu:libtasn1:2.8", "cpe:/a:gnu:libtasn1:1.8", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:gnutls:1.7.16", "cpe:/a:gnu:gnutls:1.1.22", "cpe:/a:gnu:gnutls:2.3.10", "cpe:/a:gnu:gnutls:1.7.8", "cpe:/a:gnu:gnutls:2.7.4", "cpe:/a:gnu:libtasn1:0.1.0", "cpe:/a:gnu:gnutls:1.2.6", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:1.1.19", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:2.1.8", "cpe:/a:gnu:gnutls:1.7.14", "cpe:/a:gnu:libtasn1:2.2", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:gnutls:1.5.0", "cpe:/a:gnu:gnutls:1.5.4", "cpe:/a:gnu:gnutls:1.4.5", "cpe:/a:gnu:libtasn1:2.7", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:libtasn1:0.2.14", "cpe:/a:gnu:libtasn1:0.2.2", "cpe:/a:gnu:libtasn1:0.2.4", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:1.7.11", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:libtasn1:1.6", "cpe:/a:gnu:libtasn1:2.3", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:libtasn1:0.2.17", "cpe:/a:gnu:libtasn1:0.3.5", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:gnutls:2.0.1", "cpe:/a:gnu:libtasn1:1.5", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:1.0.18", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:libtasn1:0.1.1", "cpe:/a:gnu:libtasn1:1.4", "cpe:/a:gnu:gnutls:1.1.14", "cpe:/a:gnu:gnutls:2.3.6", "cpe:/a:gnu:libtasn1:0.2.12", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:1.2.8", "cpe:/a:gnu:libtasn1:1.1", "cpe:/a:gnu:libtasn1:0.2.18", "cpe:/a:gnu:gnutls:1.1.18", "cpe:/a:gnu:gnutls:2.3.11", "cpe:/a:gnu:gnutls:1.2.10", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:gnutls:1.3.1", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:gnutls:2.3.4", "cpe:/a:gnu:libtasn1:1.2", "cpe:/a:gnu:gnutls:1.4.1", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:1.3.2", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:2.0.4", "cpe:/a:gnu:gnutls:2.1.6", "cpe:/a:gnu:gnutls:2.2.2", "cpe:/a:gnu:gnutls:1.5.2", "cpe:/a:gnu:libtasn1:0.3.6", "cpe:/a:gnu:gnutls:1.7.9", "cpe:/a:gnu:libtasn1:0.2.3", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:2.0.2", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:libtasn1:0.1.2", "cpe:/a:gnu:gnutls:1.2.1", "cpe:/a:gnu:gnutls:1.7.4", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:libtasn1:0.2.5", "cpe:/a:gnu:gnutls:2.1.0", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:libtasn1:1.3", "cpe:/a:gnu:libtasn1:0.3.3", "cpe:/a:gnu:libtasn1:0.2.9", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:1.0.22", "cpe:/a:gnu:libtasn1:0.2.0", "cpe:/a:gnu:gnutls:2.1.1", "cpe:/a:gnu:gnutls:2.3.8", "cpe:/a:gnu:gnutls:2.2.1", "cpe:/a:gnu:gnutls:1.1.21", "cpe:/a:gnu:gnutls:1.2.3", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:libtasn1:2.6", "cpe:/a:gnu:libtasn1:0.3.1", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:1.1.16", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:libtasn1:0.3.8", "cpe:/a:gnu:gnutls:1.2.9", "cpe:/a:gnu:gnutls:1.0.19", "cpe:/a:gnu:gnutls:2.3.2", "cpe:/a:gnu:gnutls:1.7.1", "cpe:/a:gnu:gnutls:1.3.4", "cpe:/a:gnu:gnutls:1.0.21", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:1.2.5", "cpe:/a:gnu:gnutls:1.7.3"], "id": "CVE-2012-1569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1569", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2020-11-10T12:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "**Issue Overview:**\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. ([CVE-2012-1569 __](<https://access.redhat.com/security/cve/CVE-2012-1569>))\n\n \n**Affected Packages:** \n\n\nlibtasn1\n\n \n**Issue Correction:** \nRun _yum update libtasn1_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libtasn1-tools-2.3-3.4.amzn1.i686 \n libtasn1-debuginfo-2.3-3.4.amzn1.i686 \n libtasn1-2.3-3.4.amzn1.i686 \n libtasn1-devel-2.3-3.4.amzn1.i686 \n \n src: \n libtasn1-2.3-3.4.amzn1.src \n \n x86_64: \n libtasn1-debuginfo-2.3-3.4.amzn1.x86_64 \n libtasn1-tools-2.3-3.4.amzn1.x86_64 \n libtasn1-2.3-3.4.amzn1.x86_64 \n libtasn1-devel-2.3-3.4.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-04-05T12:48:00", "published": "2012-04-05T12:48:00", "id": "ALAS-2012-060", "href": "https://alas.aws.amazon.com/ALAS-2012-60.html", "title": "Important: libtasn1", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:29", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-12T00:00:00", "title": "Fedora 17 : mingw-gnutls-2.12.17-1.fc17 / mingw-libtasn1-2.12-1.fc17 / mingw-p11-kit-0.12-1.fc17 (2012-4451)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "p-cpe:/a:fedoraproject:fedora:mingw-gnutls", "p-cpe:/a:fedoraproject:fedora:mingw-p11-kit"], "id": "FEDORA_2012-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/58693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4451.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58693);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n\n script_name(english:\"Fedora 17 : mingw-gnutls-2.12.17-1.fc17 / mingw-libtasn1-2.12-1.fc17 / mingw-p11-kit-0.12-1.fc17 (2012-4451)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff3b25fb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bb52203\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077286.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cbccc7e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mingw-gnutls, mingw-libtasn1 and / or\nmingw-p11-kit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-p11-kit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mingw-gnutls-2.12.17-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"mingw-libtasn1-2.12-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"mingw-p11-kit-0.12-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls / mingw-libtasn1 / mingw-p11-kit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:29", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-02T00:00:00", "title": "Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "p-cpe:/a:fedoraproject:fedora:mingw32-gnutls"], "id": "FEDORA_2012-4409.NASL", "href": "https://www.tenable.com/plugins/nessus/58551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4409.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58551);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4409\");\n\n script_name(english:\"Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71af81f8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c65976\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libtasn1 and / or mingw32-gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"mingw-libtasn1-2.12-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"mingw32-gnutls-2.12.14-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libtasn1 / mingw32-gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:29", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-12T00:00:00", "title": "Fedora 17 : libtasn1-2.12-1.fc17 (2012-4357)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:libtasn1"], "id": "FEDORA_2012-4357.NASL", "href": "https://www.tenable.com/plugins/nessus/58692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4357.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58692);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4357\");\n\n script_name(english:\"Fedora 17 : libtasn1-2.12-1.fc17 (2012-4357)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91bca0d0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libtasn1-2.12-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:28", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-09T00:00:00", "title": "Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:libtasn1"], "id": "FEDORA_2012-4308.NASL", "href": "https://www.tenable.com/plugins/nessus/58626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4308.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58626);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"FEDORA\", value:\"2012-4308\");\n\n script_name(english:\"Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f15a0eef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libtasn1-2.12-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:47:23", "description": "Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS are\nexposed to this issue.", "edition": 17, "published": "2012-03-26T00:00:00", "title": "Debian DSA-2440-1 : libtasn1-3 - missing bounds check", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libtasn1-3"], "id": "DEBIAN_DSA-2440.NASL", "href": "https://www.tenable.com/plugins/nessus/58459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2440. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58459);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"DSA\", value:\"2440\");\n\n script_name(english:\"Debian DSA-2440-1 : libtasn1-3 - missing bounds check\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS are\nexposed to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libtasn1-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2440\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtasn1-3 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-bin\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-dbg\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-dev\", reference:\"2.7-1+squeeze+1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:29", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-09T00:00:00", "title": "Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:libtasn1"], "id": "FEDORA_2012-4342.NASL", "href": "https://www.tenable.com/plugins/nessus/58627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4342.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58627);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"FEDORA\", value:\"2012-4342\");\n\n script_name(english:\"Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78979cde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libtasn1-2.12-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:29", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-04-13T00:00:00", "title": "Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-04-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:mingw32-gnutls"], "id": "FEDORA_2012-4417.NASL", "href": "https://www.tenable.com/plugins/nessus/58730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4417.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58730);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4417\");\n\n script_name(english:\"Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21b84722\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d71f162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libtasn1 and / or mingw32-gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"mingw-libtasn1-2.12-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"mingw32-gnutls-2.10.5-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libtasn1 / mingw32-gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T09:14:02", "description": "Updated libtasn1 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nthis issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.", "edition": 20, "published": "2012-03-28T00:00:00", "title": "RHEL 6 : libtasn1 (RHSA-2012:0427)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-03-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libtasn1-tools", "p-cpe:/a:redhat:enterprise_linux:libtasn1", "p-cpe:/a:redhat:enterprise_linux:libtasn1-devel", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:libtasn1-debuginfo"], "id": "REDHAT-RHSA-2012-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/58508", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0427. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58508);\n script_version (\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"RHSA\", value:\"2012:0427\");\n\n script_name(english:\"RHEL 6 : libtasn1 (RHSA-2012:0427)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtasn1 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nthis issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0427\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-debuginfo-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-devel-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-debuginfo / libtasn1-devel / libtasn1-tools\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:54:27", "description": "The remote host is affected by the vulnerability described in GLSA-201209-12\n(Libtasn1: Denial of Service)\n\n Libtasn1 does not properly handle length fields when performing DER\n decoding.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n DER-encoded object in an application linked against Libtasn1, possibly\n resulting in Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-09-26T00:00:00", "title": "GLSA-201209-12 : Libtasn1: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-09-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libtasn1"], "id": "GENTOO_GLSA-201209-12.NASL", "href": "https://www.tenable.com/plugins/nessus/62302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-12.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62302);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"GLSA\", value:\"201209-12\");\n\n script_name(english:\"GLSA-201209-12 : Libtasn1: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-12\n(Libtasn1: Denial of Service)\n\n Libtasn1 does not properly handle length fields when performing DER\n decoding.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n DER-encoded object in an application linked against Libtasn1, possibly\n resulting in Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Libtasn1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-2.12'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libtasn1\", unaffected:make_list(\"ge 2.12\"), vulnerable:make_list(\"lt 2.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:53:37", "description": "A vulnerability has been found and corrected in libtasn1 :\n\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n2.12, as used in GnuTLS before 3.0.16 and other products, does not\nproperly handle certain large length values, which allows remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) or possibly have unspecified other impact via a\ncrafted ASN.1 structure (CVE-2012-1569).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-03-27T00:00:00", "title": "Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "modified": "2012-03-27T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libtasn1-devel", "p-cpe:/a:mandriva:linux:libtasn1_3", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libtasn1-tools", "p-cpe:/a:mandriva:linux:lib64tasn1-devel", "p-cpe:/a:mandriva:linux:lib64tasn1_3"], "id": "MANDRIVA_MDVSA-2012-039.NASL", "href": "https://www.tenable.com/plugins/nessus/58491", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58491);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"MDVSA\", value:\"2012:039\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in libtasn1 :\n\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n2.12, as used in GnuTLS before 3.0.16 and other products, does not\nproperly handle certain large length values, which allows remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) or possibly have unspecified other impact via a\ncrafted ASN.1 structure (CVE-2012-1569).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tasn1-devel-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tasn1_3-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtasn1-devel-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libtasn1-tools-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtasn1_3-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tasn1-devel-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tasn1_3-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtasn1-devel-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libtasn1-tools-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtasn1_3-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-03-17T23:03:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120586", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-60)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120586\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:30:09 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-60)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569 )\");\n script_tag(name:\"solution\", value:\"Run yum update libtasn1 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-60.html\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-debuginfo\", rpm:\"libtasn1-debuginfo~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.", "modified": "2019-03-18T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071243", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071243", "type": "openvas", "title": "Debian Security Advisory DSA 2440-1 (libtasn1-3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2440_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2440-1 (libtasn1-3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71243\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:04 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2440-1 (libtasn1-3)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202440-1\");\n script_tag(name:\"insight\", value:\"Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libtasn1-3 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-bin\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dbg\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dev\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-11T00:00:00", "id": "OPENVAS:1361412562310864139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864139", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4342\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864139\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:32 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4342\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4342\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "Check for the Version of libtasn1", "modified": "2017-12-26T00:00:00", "published": "2012-04-11T00:00:00", "id": "OPENVAS:864142", "href": "http://plugins.openvas.org/nasl.php?oid=864142", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libtasn1 on Fedora 15\";\ntag_insight = \"This is the ASN.1 library used in GNUTLS. More up to date information can\n be found at <A HREF= &qt http://www.gnu.org/software/gnutls &qt >http://www.gnu.org/software/gnutls</A> and <A HREF= &qt http://www.gnutls.org &qt >http://www.gnutls.org</A>\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\");\n script_id(864142);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:56 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4308\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4308\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-11T00:00:00", "id": "OPENVAS:1361412562310864142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864142", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864142\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:56 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4308\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881171", "type": "openvas", "title": "CentOS Update for libtasn1 CESA-2012:0427 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtasn1 CESA-2012:0427 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018531.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881171\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0427\");\n script_name(\"CentOS Update for libtasn1 CESA-2012:0427 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libtasn1 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\n structures management that includes DER (Distinguished Encoding Rules)\n encoding and decoding.\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create carefully-crafted DER encoded input (such as an X.509 certificate)\n that, when parsed by an application that uses libtasn1 (such as\n applications using GnuTLS), could cause the application to crash.\n (CVE-2012-1569)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\n issue.\n\n Users of libtasn1 are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the libtasn1 library must be restarted,\n or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864343", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4357", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4357\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864343\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:09 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4357\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4357\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864437", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2012-4451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077285.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864437\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2012-4451\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-gnutls on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.17~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-11T11:07:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "Check for the Version of libtasn1", "modified": "2018-01-10T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831596", "href": "http://plugins.openvas.org/nasl.php?oid=831596", "type": "openvas", "title": "Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libtasn1:\n\n The asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n 2.12, as used in GnuTLS before 3.0.16 and other products, does not\n properly handle certain large length values, which allows remote\n attackers to cause a denial of service (heap memory corruption and\n application crash) or possibly have unspecified other impact via a\n crafted ASN.1 structure (CVE-2012-1569).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libtasn1 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:039\");\n script_id(831596);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:39 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:039\");\n script_name(\"Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1569"], "description": "Check for the Version of mingw-libtasn1", "modified": "2018-01-02T00:00:00", "published": "2012-04-13T00:00:00", "id": "OPENVAS:864155", "href": "http://plugins.openvas.org/nasl.php?oid=864155", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is the ASN.1 library used in GNUTLS.\n\n This package contains the MinGW Windows cross compiled libtasn1 library.\";\n\ntag_affected = \"mingw-libtasn1 on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html\");\n script_id(864155);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:20 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4417\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "modified": "2012-04-12T11:29:24", "published": "2012-04-12T11:29:24", "id": "FEDORA:5061E22977", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw-libtasn1-2.12-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "modified": "2012-04-06T21:31:23", "published": "2012-04-06T21:31:23", "id": "FEDORA:F248621418", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libtasn1-2.12-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2012-04-12T01:58:31", "published": "2012-04-12T01:58:31", "id": "FEDORA:C04F321A4E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.17-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "modified": "2012-04-12T02:05:57", "published": "2012-04-12T02:05:57", "id": "FEDORA:D52E221615", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libtasn1-2.12-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "modified": "2012-04-06T21:28:08", "published": "2012-04-06T21:28:08", "id": "FEDORA:E6AB020DAB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libtasn1-2.12-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "modified": "2012-03-31T03:19:25", "published": "2012-03-31T03:19:25", "id": "FEDORA:67F9F215DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: mingw-libtasn1-2.12-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2012-03-31T03:19:25", "published": "2012-03-31T03:19:25", "id": "FEDORA:59B5221550", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: mingw32-gnutls-2.12.14-3.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "modified": "2012-04-12T11:29:24", "published": "2012-04-12T11:29:24", "id": "FEDORA:47DA822972", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw32-gnutls-2.10.5-2.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. This library is cross-compiled for MinGW. ", "modified": "2012-04-12T01:58:31", "published": "2012-04-12T01:58:31", "id": "FEDORA:B6DC621A4C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-p11-kit-0.12-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "modified": "2012-04-12T01:58:31", "published": "2012-04-12T01:58:31", "id": "FEDORA:ABEC520592", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-libtasn1-2.12-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-1569"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1436-1\r\nMay 02, 2012\r\n\r\nlibtasn1-3 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nLibtasn1 could be made to crash or run programs as your login if it\r\nreceived specially crafted input.\r\n\r\nSoftware Description:\r\n- libtasn1-3: Library to manage ASN.1 structures\r\n\r\nDetails:\r\n\r\nMatthew Hall discovered that Libtasn1 incorrectly handled certain large\r\nvalues. An attacker could exploit this with a specially crafted ASN.1\r\nstructure and cause a denial of service, or possibly execute arbitrary\r\ncode.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libtasn1-3 2.10-1ubuntu1.1\r\n\r\nUbuntu 11.10:\r\n libtasn1-3 2.9-4ubuntu0.1\r\n\r\nUbuntu 11.04:\r\n libtasn1-3 2.7-1ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libtasn1-3 2.4-1ubuntu0.1\r\n\r\nUbuntu 8.04 LTS:\r\n libtasn1-3 1.1-1ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1436-1\r\n CVE-2012-1569\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.9-4ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.7-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.4-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/1.1-1ubuntu0.1\r\n", "edition": 1, "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28080", "title": "[USN-1436-1] Libtasn1 vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-1569"], "description": "Memory corruption on some malformed values.", "edition": 1, "modified": "2012-05-14T00:00:00", "published": "2012-05-14T00:00:00", "id": "SECURITYVULNS:VULN:12381", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12381", "title": "libtasn1 / GnuTLS memory corruption", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:26:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0427\n\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\nissue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the libtasn1 library must be restarted,\nor the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030569.html\n\n**Affected packages:**\nlibtasn1\nlibtasn1-devel\nlibtasn1-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0427.html", "edition": 3, "modified": "2012-03-28T01:12:20", "published": "2012-03-28T01:12:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030569.html", "id": "CESA-2012:0427", "title": "libtasn1 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0428\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\na library developed for ASN.1 (Abstract Syntax Notation One) structures\nmanagement that includes DER (Distinguished Encoding Rules) encoding and\ndecoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030567.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0428.html", "edition": 3, "modified": "2012-03-28T00:49:15", "published": "2012-03-28T00:49:15", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030567.html", "id": "CESA-2012:0428", "title": "gnutls security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "[2.3-3.1]\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)", "edition": 4, "modified": "2012-03-27T00:00:00", "published": "2012-03-27T00:00:00", "id": "ELSA-2012-0427", "href": "http://linux.oracle.com/errata/ELSA-2012-0427.html", "title": "libtasn1 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "description": "[1.4.1-7.2]\n- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)\n- fix CVE-2012-1573 - security issue in packet parsing (#805432)", "edition": 4, "modified": "2012-03-27T00:00:00", "published": "2012-03-27T00:00:00", "id": "ELSA-2012-0428", "href": "http://linux.oracle.com/errata/ELSA-2012-0428.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-17T15:28:56", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3468", "CVE-2012-1569", "CVE-2014-3469", "CVE-2014-3467"], "description": "[2.3-6]\n- added check for null pointer (#1102336)\n[2.3-5]\n- fix various DER decoding issues (#1102336)\n[2.3-4]\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)", "edition": 5, "modified": "2014-06-03T00:00:00", "published": "2014-06-03T00:00:00", "id": "ELSA-2014-0596", "href": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "title": "libtasn1 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "edition": 1, "description": "### Background\n\nLibtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) objects, and perform DER (Distinguished Encoding Rules) decoding. \n\n### Description\n\nLibtasn1 does not properly handle length fields when performing DER decoding. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted DER-encoded object in an application linked against Libtasn1, possibly resulting in Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Libtasn1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libtasn1-2.12\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "modified": "2012-09-25T00:00:00", "published": "2012-09-25T00:00:00", "id": "GLSA-201209-12", "href": "https://security.gentoo.org/glsa/201209-12", "type": "gentoo", "title": "Libtasn1: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:29:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2440-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libtasn1-3\nVulnerability : missing bounds check\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1569\n\nMatthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-03-24T22:23:47", "published": "2012-03-24T22:23:47", "id": "DEBIAN:DSA-2440-1:828AA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00068.html", "title": "[SECURITY] [DSA 2440-1] libtasn1-3 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\nissue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the libtasn1 library must be restarted,\nor the system rebooted.\n", "modified": "2018-06-06T20:24:12", "published": "2012-03-27T04:00:00", "id": "RHSA-2012:0427", "href": "https://access.redhat.com/errata/RHSA-2012:0427", "type": "redhat", "title": "(RHSA-2012:0427) Important: libtasn1 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\na library developed for ASN.1 (Abstract Syntax Notation One) structures\nmanagement that includes DER (Distinguished Encoding Rules) encoding and\ndecoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n", "modified": "2017-09-08T12:11:41", "published": "2012-03-27T04:00:00", "id": "RHSA-2012:0428", "href": "https://access.redhat.com/errata/RHSA-2012:0428", "type": "redhat", "title": "(RHSA-2012:0428) Important: gnutls security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3045", "CVE-2011-4128", "CVE-2012-0864", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583"], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on the\nrelevant errata:\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:58", "published": "2012-04-17T04:00:00", "id": "RHSA-2012:0488", "href": "https://access.redhat.com/errata/RHSA-2012:0488", "type": "redhat", "title": "(RHSA-2012:0488) Important: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815", "CVE-2012-0864", "CVE-2012-0879", "CVE-2012-0884", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug:\n\n* The Hypervisor previously set the lro_disable option for the enic driver.\nThe driver does not support this option, as a result the Hypervisor did\nnot correctly detect and configure the network interfaces of a Cisco M81KR\nadaptor, when present. The Hypervisor has been updated and no longer sets\nthe invalid option for this driver. (BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:46", "published": "2012-04-30T04:00:00", "id": "RHSA-2012:0531", "href": "https://access.redhat.com/errata/RHSA-2012:0531", "type": "redhat", "title": "(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1569"], "description": "\nMu Dynamics, Inc. reports:\n\nVarious functions using the ASN.1 length decoding logic in\n\t Libtasn1 were incorrectly assuming that the return value from\n\t asn1_get_length_der is always less than the length of the\n\t enclosing ASN.1 structure, which is only true for valid\n\t structures and not for intentionally corrupt or otherwise\n\t buggy structures.\n\n", "edition": 4, "modified": "2012-03-24T00:00:00", "published": "2012-03-20T00:00:00", "id": "2E7E9072-73A0-11E1-A883-001CC0A36E12", "href": "https://vuxml.freebsd.org/freebsd/2e7e9072-73a0-11e1-a883-001cc0a36e12.html", "title": "libtasn1 -- ASN.1 length decoding vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-1619", "CVE-2013-2116"], "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\nand 13.37 to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/gnutls-2.10.5-i486-2_slack13.37.txz: Rebuilt.\n [Updated to the correct version to fix fetching the \"latest\" from gnu.org]\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n Other minor security issues are patched as well.\n Thanks to mancha for backporting these patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.8.4-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnutls-2.8.4-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb1befa86737a2451146dd108eb58b9a9 gnutls-2.8.4-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\n7ea0f267149d76ccdcca1206027e664f gnutls-2.8.4-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\n2c102969a15b8a66e79ec4d07821faf7 gnutls-2.8.4-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n501b5709da4ff494a3ecdfee74187281 gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\na7d101cd7fc47cf9e4e0f15406ca29fd gnutls-2.8.6-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n65a234fe93b46c7ea29799ffc3e4f25e gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\n9cf8770560e17d1d57267cb05bf3badd gnutls-2.10.5-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n349f7f77e29612b679522a4a199c03fa gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.10.5-i486-2_slack13.37.txz", "modified": "2013-10-15T00:18:30", "published": "2013-10-15T00:18:30", "id": "SSA-2013-287-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196", "type": "slackware", "title": "[slackware-security] gnutls", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:38:49", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2013-0169", "CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: The TLS implementation in GnuTLS did\n not properly consider timing side-channel attacks on a\n noncompliant MAC check operation during the processing of\n malformed CBC padding, which allows remote attackers to\n conduct distinguishing attacks and plaintext-recovery\n attacks via statistical analysis of timing data for crafted\n packets, a related issue to CVE-2013-0169. (Lucky13)\n * CVE-2012-1569: The asn1_get_length_der function in\n decoding.c in GNU Libtasn1 , as used in GnuTLS did not\n properly handle certain large length values, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly have\n unspecified other impact via a crafted ASN.1 structure.\n * CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS\n did not properly handle data encrypted with a block cipher,\n which allowed remote attackers to cause a denial of service\n (heap memory corruption and application crash) via a\n crafted record, as demonstrated by a crafted\n GenericBlockCipher structure.\n * CVE-2012-0390: The DTLS implementation in GnuTLS\n executed certain error-handling code only if there is a\n specific relationship between a padding length and the\n ciphertext size, which made it easier for remote attackers\n to recover partial plaintext via a timing side-channel\n attack, a related issue to CVE-2011-4108.\n\n Also some non security bugs have been fixed:\n\n * Did some more s390x size_t vs int fixes. (bnc#536809,\n bnc#659128)\n * re-enabled &quot;legacy negotiation&quot; (bnc#554084)\n * fix safe-renegotiation for sle10sp3 and sle10sp4 bug\n (bnc#554084)\n * fix bug bnc#536809, fix gnutls-cli to abort\n connection after detecting a bad certificate\n", "edition": 1, "modified": "2014-03-04T01:04:52", "published": "2014-03-04T01:04:52", "id": "SUSE-SU-2014:0320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "title": "Security update for gnutls (critical)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:38", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31 \nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2012-12-20T00:00:00", "published": "2012-08-30T00:00:00", "id": "VMSA-2012-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0013.html", "title": "VMware vSphere and vCOps updates to third party libraries", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}