From a43a13fc74a9453aceaab2fb3344877e2444be1b Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
Date: Wed, 14 Jan 2026 09:00:48 +0000
Subject: [PATCH] Patch libtasn1 for CVE-2025-13151
---
 SPECS/libtasn1/CVE-2025-13151.patch | 28 +++++++++++++++++++
 SPECS/libtasn1/libtasn1.spec | 6 +++-
 .../manifests/package/pkggen_core_aarch64.txt | 2 +-
 .../manifests/package/pkggen_core_x86_64.txt | 2 +-
 .../manifests/package/toolchain_aarch64.txt | 6 ++--
 .../manifests/package/toolchain_x86_64.txt | 6 ++--
 6 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 SPECS/libtasn1/CVE-2025-13151.patch
diff --git a/SPECS/libtasn1/CVE-2025-13151.patch b/SPECS/libtasn1/CVE-2025-13151.patch
new file mode 100644
index 00000000000..b7a6cb9709e
--- /dev/null
+++ b/SPECS/libtasn1/CVE-2025-13151.patch
@@ -0,0 +1,28 @@
+From ba613b5959cfac19710ebd300e9391aa5d7c0eac Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: [PATCH] Fix for CVE-2025-13151 Buffer overflow
+
+Signed-off-by: Simon Josefsson
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8.patch
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index b9245c4..bc45138 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1976,7 +1976,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
+ const char *octetName, const char *objectName)
+ {
+- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+--
+2.45.4
+
diff --git a/SPECS/libtasn1/libtasn1.spec b/SPECS/libtasn1/libtasn1.spec
index 31914b97a0d..223dc5ed9fe 100644
--- a/SPECS/libtasn1/libtasn1.spec
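Review bot: The resized declaration in the embedded lib/decoding.c hunk, `char name[2 * ASN1_MAX_NAME_SIZE + 2]`, has no comment saying what the two extra bytes account for, so a later edit can quietly reintroduce the off-by-one. The body of asn1_expand_octet_string lies outside the hunk, so the layout is inferred, but the size suggests two node names joined by a separator; if so, a comment on the declaration such as `/* two names of up to ASN1_MAX_NAME_SIZE bytes + '.' + NUL */` would pin the arithmetic down. The fix enlarges the destination rather than bounding the writes into it, so it is worth confirming in the full source that every write into `name` stays within that size and that any other buffer in the file filled the same way uses the same arithmetic.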
+++ b/SPECS/libtasn1/libtasn1.spec @@ -1,7 +1,7 @@ Summary: ASN.1 library Name: libtasn1 Version: 4.19.0 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ AND LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -9,6 +9,7 @@ Group: System Environment/Libraries URL: https://www.gnu.org/software/libtasn1/ Source0: https://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz Patch0: CVE-2024-12133.patch +Patch1: CVE-2025-13151.patch Provides: libtasn1-tools = %{version}-%{release} %description @@ -58,6 +59,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/* %changelog +* Wed Jan 14 2026 Azure Linux Security Servicing Account - 4.19.0-3 +- Patch for CVE-2025-13151 + * Fri Feb 21 2025 Ankita Pareek - 4.19.0-2 - Address CVE-2024-12133 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 61b0a0b58e3..b26e9101130 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -228,7 +228,7 @@ mariner-repos-shared-2.0-9.cm2.noarch.rpm mariner-repos-2.0-9.cm2.noarch.rpm libffi-3.4.2-3.cm2.aarch64.rpm libffi-devel-3.4.2-3.cm2.aarch64.rpm -libtasn1-4.19.0-2.cm2.aarch64.rpm +libtasn1-4.19.0-3.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-trust-0.24.1-1.cm2.aarch64.rpm ca-certificates-shared-2.0.0-25.cm2.noarch.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 8e1b2cacdd8..93960bf8cb6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
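Review bot: Nothing in this diff shows `Patch1: CVE-2025-13151.patch` actually being applied: the second libtasn1.spec hunk adds the tag, but no hunk touches %prep, which is outside the visible lines. If %prep uses `%autosetup -p1`, the new patch is picked up automatically; if it applies patches one by one, a `%patch1 -p1` line is needed, otherwise release 4.19.0-3 would be built and recorded in the changelog as fixed while still carrying the old buffer size. Checking the build log for the patch being applied to lib/decoding.c would settle it.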
@@ -228,7 +228,7 @@ mariner-repos-shared-2.0-9.cm2.noarch.rpm
 mariner-repos-2.0-9.cm2.noarch.rpm
 libffi-3.4.2-3.cm2.x86_64.rpm
 libffi-devel-3.4.2-3.cm2.x86_64.rpm
-libtasn1-4.19.0-2.cm2.x86_64.rpm
+libtasn1-4.19.0-3.cm2.x86_64.rpm
 p11-kit-0.24.1-1.cm2.x86_64.rpm
 p11-kit-trust-0.24.1-1.cm2.x86_64.rpm
 ca-certificates-shared-2.0.0-25.cm2.noarch.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index c90a4b59b01..40f1fe68ad8 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -204,9 +204,9 @@ libssh2-debuginfo-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
 libstdc++-11.2.0-9.cm2.aarch64.rpm
 libstdc++-devel-11.2.0-9.cm2.aarch64.rpm
-libtasn1-4.19.0-2.cm2.aarch64.rpm
-libtasn1-debuginfo-4.19.0-2.cm2.aarch64.rpm
-libtasn1-devel-4.19.0-2.cm2.aarch64.rpm
+libtasn1-4.19.0-3.cm2.aarch64.rpm
+libtasn1-debuginfo-4.19.0-3.cm2.aarch64.rpm
+libtasn1-devel-4.19.0-3.cm2.aarch64.rpm
 libtool-2.4.6-8.cm2.aarch64.rpm
 libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
 libxml2-2.10.4-9.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 55c5217a403..7f721e63271 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -210,9 +210,9 @@ libssh2-debuginfo-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
 libstdc++-11.2.0-9.cm2.x86_64.rpm
 libstdc++-devel-11.2.0-9.cm2.x86_64.rpm
-libtasn1-4.19.0-2.cm2.x86_64.rpm
-libtasn1-debuginfo-4.19.0-2.cm2.x86_64.rpm
-libtasn1-devel-4.19.0-2.cm2.x86_64.rpm
+libtasn1-4.19.0-3.cm2.x86_64.rpm
+libtasn1-debuginfo-4.19.0-3.cm2.x86_64.rpm
+libtasn1-devel-4.19.0-3.cm2.x86_64.rpm
 libtool-2.4.6-8.cm2.x86_64.rpm
 libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
 libxml2-2.10.4-9.cm2.x86_64.rpm