MGASA-2018-0432

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0432.html

Import Source

https://advisories.mageia.org/MGASA-2018-0432.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0432

Related

Published

2018-11-03T11:55:18Z

Modified

2018-11-03T11:28:15Z

Summary

Updated mbedtls packages fix security vulnerabilities

Details

Updated mbedtls package fixes security vulnerabilities:

Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing side-channels (CVE-2018-0497).

Fixed a vulnerability in TLS ciphersuites based on CBC, in DTLS/TLS 1.0 to 1.2, that allowed a local attacker, with the ability to execute code on the local machine as well as to manipulate network packets, to partially recover the plaintext of messages under certain conditions (CVE-2018-0498).

Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing (no CVE assigned).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / mbedtls

Package

Name: mbedtls
Purl: pkg:rpm/mageia/mbedtls?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.6-1.mga6

Ecosystem specific

{
    "section": "core"
}