CVE-2014-3467 — libtasn1-3 - security update

Description

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

How to fix CVE-2014-3467

To remediate CVE-2014-3467, upgrade the affected package to a fixed version below.

Debian/libtasn1-3—upgrade to 2.7-1+squeeze+2 or later
Debian/libtasn1-3—upgrade to 2.13-2+deb7u1 or later
Debian/libtasn1-6—upgrade to 3.6-1 or later

Is CVE-2014-3467 being exploited?

Moderate — EPSS is 7.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 2.7-1+squeeze+2
from 0, < 2.13-2+deb7u1
from 0, < 3.6-1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-3467