An update for libtasn1 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2030 Final 1.0 1.0 2022-10-28 Initial 2022-10-28 2022-10-28 openEuler SA Tool V1.0 2022-10-28 libtasn1 security update An update for libtasn1 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. Libtasn1 is the ASN.1 library used by GnuTLS, p11-kit and some other packages.The goal of this implementation is to be highly portable, and only require an ANSI C99 platform.This library provides Abstract Syntax Notation One (ASN.1,as specified by the X.680 ITU-T recommendation) parsing and structures management,and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions. Security Fix(es): GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.(CVE-2021-46848) An update for libtasn1 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical libtasn1 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2030 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46848 https://nvd.nist.gov/vuln/detail/CVE-2021-46848 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS libtasn1-debugsource-4.16.0-2.oe1.aarch64.rpm libtasn1-4.16.0-2.oe1.aarch64.rpm libtasn1-debuginfo-4.16.0-2.oe1.aarch64.rpm libtasn1-devel-4.16.0-2.oe1.aarch64.rpm libtasn1-4.16.0-2.oe1.aarch64.rpm libtasn1-devel-4.16.0-2.oe1.aarch64.rpm libtasn1-debugsource-4.16.0-2.oe1.aarch64.rpm libtasn1-debuginfo-4.16.0-2.oe1.aarch64.rpm libtasn1-debuginfo-4.17.0-3.oe2203.aarch64.rpm libtasn1-debugsource-4.17.0-3.oe2203.aarch64.rpm libtasn1-devel-4.17.0-3.oe2203.aarch64.rpm libtasn1-4.17.0-3.oe2203.aarch64.rpm libtasn1-help-4.16.0-2.oe1.noarch.rpm libtasn1-help-4.16.0-2.oe1.noarch.rpm libtasn1-help-4.17.0-3.oe2203.noarch.rpm libtasn1-4.16.0-2.oe1.src.rpm libtasn1-4.16.0-2.oe1.src.rpm libtasn1-4.17.0-3.oe2203.src.rpm libtasn1-debugsource-4.16.0-2.oe1.x86_64.rpm libtasn1-4.16.0-2.oe1.x86_64.rpm libtasn1-debuginfo-4.16.0-2.oe1.x86_64.rpm libtasn1-devel-4.16.0-2.oe1.x86_64.rpm libtasn1-4.16.0-2.oe1.x86_64.rpm libtasn1-debuginfo-4.16.0-2.oe1.x86_64.rpm libtasn1-debugsource-4.16.0-2.oe1.x86_64.rpm libtasn1-devel-4.16.0-2.oe1.x86_64.rpm libtasn1-debuginfo-4.17.0-3.oe2203.x86_64.rpm libtasn1-devel-4.17.0-3.oe2203.x86_64.rpm libtasn1-debugsource-4.17.0-3.oe2203.x86_64.rpm libtasn1-4.17.0-3.oe2203.x86_64.rpm GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. 2022-10-28 CVE-2021-46848 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H libtasn1 security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2030