MGASA-2016-0054

Source
https://advisories.mageia.org/MGASA-2016-0054.html
Import Source
https://advisories.mageia.org/MGASA-2016-0054.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0054
Upstream
  • CVE-2015-5291
  • CVE-2015-8036
Published
2016-02-09T13:05:25Z
Modified
2026-04-16T06:25:00.926629513Z
Summary
Updated mbedtls/hiawatha/belle-sip/linphone/pdns packages fix security vulnerability
Details

Note: this package was called polarssl, but is now called mbedtls. The PolarSSL software is now called mbed TLS.

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message (CVE-2015-5291).

Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session (CVE-2015-8036).

The mbedtls package has been updated to version 1.3.16, which contains several other bug fixes, security fixes, and security enhancements.

The hiawatha package, which uses the polarssl/mbedtls library, has been updated to version 9.13 for improved compatibility.

The belle-sip library package has been updated to version 1.4.2 for improved compatibility and the linphone package has been rebuilt against mbedtls.

The pdns package has also been rebuilt against mbedtls.

Affected packages

Mageia:5 / mbedtls

Package

Name
mbedtls
Purl
pkg:rpm/mageia/mbedtls?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.16-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2016-0054.json"

Mageia:5 / hiawatha

Package

Name
hiawatha
Purl
pkg:rpm/mageia/hiawatha?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.13-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2016-0054.json"

Mageia:5 / belle-sip

Package

Name
belle-sip
Purl
pkg:rpm/mageia/belle-sip?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.2-1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2016-0054.json"

Mageia:5 / linphone

Package

Name
linphone
Purl
pkg:rpm/mageia/linphone?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.8.1-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2016-0054.json"

Mageia:5 / pdns

Package

Name
pdns
Purl
pkg:rpm/mageia/pdns?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.3-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2016-0054.json"