MGASA-2018-0163
- Source
- https://advisories.mageia.org/MGASA-2018-0163.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0163.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0163
- Related
- Published
- 2018-03-10T20:47:30Z
- Modified
- 2022-01-22T02:45:17Z
- Summary
- Updated mbedtls and related packages fix security vulnerabilities
- Details
-
The mbedtls package has been updated to fix several security issues.
Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 bytes on the peer's heap, which could potentially lead to crash or remote code execution. The issue could be triggered remotely from either side in both TLS and DTLS. (CVE-2018-0488)
Fixed a buffer overflow in RSA-PSS verification when the hash was too large for the key size, which could potentially lead to crash or remote code execution. (CVE-2018-0487)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / mbedtls
Package
- Name
- mbedtls
- Purl
- pkg:rpm/mageia/mbedtls?distro=mageia-6
Mageia:6 / shadowsocks-libev
Package
- Name
- shadowsocks-libev
- Purl
- pkg:rpm/mageia/shadowsocks-libev?distro=mageia-6
Mageia:6 / bctoolbox
Package
- Name
- bctoolbox
- Purl
- pkg:rpm/mageia/bctoolbox?distro=mageia-6
Mageia:6 / hiawatha
Package
- Name
- hiawatha
- Purl
- pkg:rpm/mageia/hiawatha?distro=mageia-6
Mageia:6 / dolphin-emu
Package
- Name
- dolphin-emu
- Purl
- pkg:rpm/mageia/dolphin-emu?distro=mageia-6