[AutoPR- Security] Patch libtasn1 for CVE-2025-13151 [LOW] (#15485)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>

Author: azurelinux-security

SPECS/libtasn1/CVE-2025-13151.patch

@@ -0,0 +1,41 @@
+From 19c67d35287ca30929e0f4353cdc1b89de1ae75e Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Mon, 12 Jan 2026 16:41:34 +0000
+Subject: [PATCH] Fix for CVE-2025-13151: prevent stack-based buffer overflow
+ in asn1_expand_octet_string; update NEWS
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8.patch
+---
+ NEWS           | 1 +
+ lib/decoding.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index cbd09eb..2100e6f 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,6 +4,7 @@ GNU Libtasn1 NEWS                                     -*- outline -*-
+ - Clarify libtasn1.map license.  Closes: #38.
+ - Fix ETYPE_OK out of bounds read.  Closes: #32.
+ - Update gnulib files and various maintenance fixes.
++- Fix for vulnerbaility CVE-2025-13151 Stack-based buffer overflow
+ 
+ * Noteworthy changes in release 4.18.0 (2021-11-09) [stable]
+ - Improve GTK-DOC manual.  Closes: #35.
+diff --git a/lib/decoding.c b/lib/decoding.c
+index b9245c4..bc45138 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1976,7 +1976,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
+ 			  const char *octetName, const char *objectName)
+ {
+-  char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++  char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+   int retCode = ASN1_SUCCESS, result;
+   int len, len2, len3;
+   asn1_node_const p2;
+-- 
+2.45.4
+

SPECS/libtasn1/libtasn1.spec

@@ -1,14 +1,15 @@
 Summary:        ASN.1 library
 Name:           libtasn1
 Version:        4.19.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv3+ AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/Libraries
 URL:            https://www.gnu.org/software/libtasn1/
 Source0:        https://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz
 Patch0:         CVE-2024-12133.patch
+Patch1:         CVE-2025-13151.patch
 Provides:       libtasn1-tools = %{version}-%{release}
 
 %description
@@ -58,7 +59,10 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/*
 
 %changelog
-* Fri Feb 21 2024 Ankita Pareek <ankitapareek@microsoft.com> - 4.19.0-2
+* Mon Jan 12 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.19.0-3
+- Patch for CVE-2025-13151
+
+* Fri Feb 21 2025 Ankita Pareek <ankitapareek@microsoft.com> - 4.19.0-2
 - Address CVE-2024-12133
 
 * Tue Oct 25 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.19.0-1

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
 azurelinux-repos-3.0-5.azl3.noarch.rpm
 libffi-3.4.4-1.azl3.aarch64.rpm
 libffi-devel-3.4.4-1.azl3.aarch64.rpm
-libtasn1-4.19.0-2.azl3.aarch64.rpm
+libtasn1-4.19.0-3.azl3.aarch64.rpm
 p11-kit-0.25.0-1.azl3.aarch64.rpm
 p11-kit-trust-0.25.0-1.azl3.aarch64.rpm
 ca-certificates-shared-3.0.0-14.azl3.noarch.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -235,7 +235,7 @@ azurelinux-repos-shared-3.0-5.azl3.noarch.rpm
 azurelinux-repos-3.0-5.azl3.noarch.rpm
 libffi-3.4.4-1.azl3.x86_64.rpm
 libffi-devel-3.4.4-1.azl3.x86_64.rpm
-libtasn1-4.19.0-2.azl3.x86_64.rpm
+libtasn1-4.19.0-3.azl3.x86_64.rpm
 p11-kit-0.25.0-1.azl3.x86_64.rpm
 p11-kit-trust-0.25.0-1.azl3.x86_64.rpm
 ca-certificates-shared-3.0.0-14.azl3.noarch.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -234,9 +234,9 @@ libssh2-debuginfo-1.11.1-1.azl3.aarch64.rpm
 libssh2-devel-1.11.1-1.azl3.aarch64.rpm
 libstdc++-13.2.0-7.azl3.aarch64.rpm
 libstdc++-devel-13.2.0-7.azl3.aarch64.rpm
-libtasn1-4.19.0-2.azl3.aarch64.rpm
-libtasn1-debuginfo-4.19.0-2.azl3.aarch64.rpm
-libtasn1-devel-4.19.0-2.azl3.aarch64.rpm
+libtasn1-4.19.0-3.azl3.aarch64.rpm
+libtasn1-debuginfo-4.19.0-3.azl3.aarch64.rpm
+libtasn1-devel-4.19.0-3.azl3.aarch64.rpm
 libtool-2.4.7-1.azl3.aarch64.rpm
 libtool-debuginfo-2.4.7-1.azl3.aarch64.rpm
 libxcrypt-4.4.36-2.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -242,9 +242,9 @@ libssh2-debuginfo-1.11.1-1.azl3.x86_64.rpm
 libssh2-devel-1.11.1-1.azl3.x86_64.rpm
 libstdc++-13.2.0-7.azl3.x86_64.rpm
 libstdc++-devel-13.2.0-7.azl3.x86_64.rpm
-libtasn1-4.19.0-2.azl3.x86_64.rpm
-libtasn1-debuginfo-4.19.0-2.azl3.x86_64.rpm
-libtasn1-devel-4.19.0-2.azl3.x86_64.rpm
+libtasn1-4.19.0-3.azl3.x86_64.rpm
+libtasn1-debuginfo-4.19.0-3.azl3.x86_64.rpm
+libtasn1-devel-4.19.0-3.azl3.x86_64.rpm
 libtool-2.4.7-1.azl3.x86_64.rpm
 libtool-debuginfo-2.4.7-1.azl3.x86_64.rpm
 libxml2-2.11.5-8.azl3.x86_64.rpm