ALAS-2012-060


Amazon Linux AMI Security Advisory: ALAS-2012-60
Advisory Release Date: 2014-09-14 15:45 Pacific
Severity: Important

Issue Overview:

A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569 )


Affected Packages:

libtasn1


Issue Correction:
Run yum update libtasn1 to update your system.

New Packages:
i686:
    libtasn1-tools-2.3-3.4.amzn1.i686
    libtasn1-debuginfo-2.3-3.4.amzn1.i686
    libtasn1-2.3-3.4.amzn1.i686
    libtasn1-devel-2.3-3.4.amzn1.i686

src:
    libtasn1-2.3-3.4.amzn1.src

x86_64:
    libtasn1-debuginfo-2.3-3.4.amzn1.x86_64
    libtasn1-tools-2.3-3.4.amzn1.x86_64
    libtasn1-2.3-3.4.amzn1.x86_64
    libtasn1-devel-2.3-3.4.amzn1.x86_64