UbuntuUpdates.org

Package "pyasn1"

Name: pyasn1

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • ASN.1 library for Python (documentation)
  • ASN.1 library for Python (Python 3 module)
Latest version: 0.4.8-4ubuntu0.2
Release: noble (24.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "pyasn1" in Noble

Repository Area Version
base main 0.4.8-4
updates main 0.4.8-4ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.4.8-4ubuntu0.2 2026-03-30 14:07:58 UTC

  pyasn1 (0.4.8-4ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via uncontrolled recursion
    - debian/patches/CVE-2026-30922.patch: limit nesting depth in
      pyasn1/codec/ber/decoder.py, tests/codec/ber/test_decoder.py,
      tests/codec/cer/test_decoder.py, tests/codec/der/test_decoder.py.
    - CVE-2026-30922

 -- Marc Deslauriers <email address hidden> Mon, 23 Mar 2026 12:14:38 -0400
Source diff to previous version
CVE-2026-30922 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncont

Version: 0.4.8-4ubuntu0.1 2026-01-22 22:18:53 UTC

  pyasn1 (0.4.8-4ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: memory exhaustion from malformed RELATIVE-OID
    - debian/patches/CVE-2026-23490.patch: add limit of 20 continuation
      octets per OID arc in pyasn1/codec/ber/decoder.py,
      tests/codec/ber/test_decoder.py.
    - CVE-2026-23490

 -- Marc Deslauriers <email address hidden> Tue, 20 Jan 2026 10:40:22 -0500
CVE-2026-23490 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed


About   -   Send Feedback to @ubuntu_updates