From http://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html:

GNU Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding/decoding. GNU Libtasn1 is used by GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos V5 structures.

* Noteworthy changes in release 4.4 (released 2015-03-29) [stable]
- Corrected a two-byte stack overflow in asn1_der_decoding. Reported by Hanno Böck.

Exact commit that fixes this:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149

CVE request:
http://seclists.org/oss-sec/2015/q1/1038

Created libtasn1 tracking bugs for this issue: Affects: fedora-all [bug 1207193]
Created mingw-libtasn1 tracking bugs for this issue: Affects: fedora-all [bug 1207194] Affects: epel-all [bug 1207195]
libtasn1-3.8-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libtasn1-4.4-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
mingw-libtasn1-4.4-1.fc22, mingw-gnutls-3.3.14-1.fc22 have been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libtasn1-4.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
mingw-libtasn1-3.8-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mingw-libtasn1-4.4-1.fc21, mingw-gnutls-3.3.14-1.fc21 have been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Statement: Red Hat Product Security has rated this issue as having low security impact. A future update may address this flaw in the libtasn1 packages.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1860 https://access.redhat.com/errata/RHSA-2017:1860