41 changes: 41 additions & 0 deletions SPECS/libtasn1/CVE-2025-13151.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
From 19c67d35287ca30929e0f4353cdc1b89de1ae75e Mon Sep 17 00:00:00 2001
From: AllSpark <[email protected]>
Date: Mon, 12 Jan 2026 16:41:34 +0000
Subject: [PATCH] Fix for CVE-2025-13151: prevent stack-based buffer overflow
in asn1_expand_octet_string; update NEWS

Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
Upstream-reference: AI Backport of https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8.patch
---
NEWS | 1 +
lib/decoding.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index cbd09eb..2100e6f 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ GNU Libtasn1 NEWS -*- outline -*-
- Clarify libtasn1.map license. Closes: #38.
- Fix ETYPE_OK out of bounds read. Closes: #32.
- Update gnulib files and various maintenance fixes.
+- Fix for vulnerbaility CVE-2025-13151 Stack-based buffer overflow

* Noteworthy changes in release 4.18.0 (2021-11-09) [stable]
- Improve GTK-DOC manual. Closes: #35.
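Review bot: The added NEWS line misspells "vulnerability" as "vulnerbaility", and unlike the entries above it has no closing period and no "Closes:" reference. Because this file is a distro backport patch, consider dropping the NEWS hunk and carrying only the lib/decoding.c change: the NEWS edit changes nothing functional, and it gives the patch a second place to fail to apply if the surrounding NEWS context shifts.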
diff --git a/lib/decoding.c b/lib/decoding.c
index b9245c4..bc45138 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -1976,7 +1976,7 @@ int
asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
const char *octetName, const char *objectName)
{
- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
int retCode = ASN1_SUCCESS, result;
int len, len2, len3;
asn1_node_const p2;
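Review bot: In the declaration of name in asn1_expand_octet_string, the fix is a single extra byte (2 * ASN1_MAX_NAME_SIZE + 1 becomes + 2), but the hunk does not show the code that writes into name, so the new size cannot be checked against that write from this diff alone. Please state the sizing arithmetic in the commit message or in a comment on the declaration (for example two components of up to ASN1_MAX_NAME_SIZE bytes, one separator and the terminating NUL, if that is how the string is built). Because the header marks this as an "AI Backport", also confirm the hunk is identical to upstream commit d276cc495a2a32b182c3c39851f1ba58f2d9f9b8. value[ASN1_MAX_NAME_SIZE] on the same line is unchanged, so it is worth confirming that it is not exposed to the same off-by-one.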
--
2.45.4

6 changes: 5 additions & 1 deletion SPECS/libtasn1/libtasn1.spec
Original file line number Diff line number Diff line change
@@ -1,14 +1,15 @@
Summary: ASN.1 library
Name: libtasn1
Version: 4.19.0
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv3+ AND LGPLv2+
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: System Environment/Libraries
URL: https://www.gnu.org/software/libtasn1/
Source0: https://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz
Patch0: CVE-2024-12133.patch
Patch1: CVE-2025-13151.patch
Provides: libtasn1-tools = %{version}-%{release}

%description
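Review bot: Patch1 is declared next to Patch0, but the %prep section lies outside this hunk, so it is not visible whether the new patch is actually applied. Confirm the spec uses %autosetup -p1 or an explicit %patch for each entry; a PatchN line that is never applied still builds cleanly and would ship the unfixed code while the Release bump to 3 suggests otherwise.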
Expand Down Expand Up @@ -58,6 +59,9 @@ make %{?_smp_mflags} check
%{_mandir}/man3/*

%changelog
* Mon Jan 12 2026 Azure Linux Security Servicing Account <[email protected]> - 4.19.0-3
- Patch for CVE-2025-13151

* Fri Feb 21 2024 Ankita Pareek <[email protected]> - 4.19.0-2
- Address CVE-2024-12133

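Review bot: The new changelog entry is dated correctly (12 January 2026 is a Monday), but the entry directly below it reads "Fri Feb 21 2024", and 21 February 2024 was a Wednesday, which rpm flags as a bogus date in %changelog. That line is context rather than part of this change, so fixing it is optional, but it is cheap to correct while the changelog is being edited. The new entry could also name the affected function, asn1_expand_octet_string, as the patch subject does.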
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
azurelinux-repos-3.0-5.azl3.noarch.rpm
libffi-3.4.4-1.azl3.aarch64.rpm
libffi-devel-3.4.4-1.azl3.aarch64.rpm
libtasn1-4.19.0-2.azl3.aarch64.rpm
libtasn1-4.19.0-3.azl3.aarch64.rpm
p11-kit-0.25.0-1.azl3.aarch64.rpm
p11-kit-trust-0.25.0-1.azl3.aarch64.rpm
ca-certificates-shared-3.0.0-14.azl3.noarch.rpm
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
azurelinux-repos-3.0-5.azl3.noarch.rpm
libffi-3.4.4-1.azl3.x86_64.rpm
libffi-devel-3.4.4-1.azl3.x86_64.rpm
libtasn1-4.19.0-2.azl3.x86_64.rpm
libtasn1-4.19.0-3.azl3.x86_64.rpm
p11-kit-0.25.0-1.azl3.x86_64.rpm
p11-kit-trust-0.25.0-1.azl3.x86_64.rpm
ca-certificates-shared-3.0.0-14.azl3.noarch.rpm
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/toolchain_aarch64.txt
Original file line number Diff line number Diff line change
Expand Up @@ -234,9 +234,9 @@ libssh2-debuginfo-1.11.1-1.azl3.aarch64.rpm
libssh2-devel-1.11.1-1.azl3.aarch64.rpm
libstdc++-13.2.0-7.azl3.aarch64.rpm
libstdc++-devel-13.2.0-7.azl3.aarch64.rpm
libtasn1-4.19.0-2.azl3.aarch64.rpm
libtasn1-debuginfo-4.19.0-2.azl3.aarch64.rpm
libtasn1-devel-4.19.0-2.azl3.aarch64.rpm
libtasn1-4.19.0-3.azl3.aarch64.rpm
libtasn1-debuginfo-4.19.0-3.azl3.aarch64.rpm
libtasn1-devel-4.19.0-3.azl3.aarch64.rpm
libtool-2.4.7-1.azl3.aarch64.rpm
libtool-debuginfo-2.4.7-1.azl3.aarch64.rpm
libxcrypt-4.4.36-2.azl3.aarch64.rpm
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/toolchain_x86_64.txt
Original file line number Diff line number Diff line change
Expand Up @@ -242,9 +242,9 @@ libssh2-debuginfo-1.11.1-1.azl3.x86_64.rpm
libssh2-devel-1.11.1-1.azl3.x86_64.rpm
libstdc++-13.2.0-7.azl3.x86_64.rpm
libstdc++-devel-13.2.0-7.azl3.x86_64.rpm
libtasn1-4.19.0-2.azl3.x86_64.rpm
libtasn1-debuginfo-4.19.0-2.azl3.x86_64.rpm
libtasn1-devel-4.19.0-2.azl3.x86_64.rpm
libtasn1-4.19.0-3.azl3.x86_64.rpm
libtasn1-debuginfo-4.19.0-3.azl3.x86_64.rpm
libtasn1-devel-4.19.0-3.azl3.x86_64.rpm
libtool-2.4.7-1.azl3.x86_64.rpm
libtool-debuginfo-2.4.7-1.azl3.x86_64.rpm
libxml2-2.11.5-7.azl3.x86_64.rpm