Updated polarssl packages fix security vulnerability
Publication date: 05 Aug 2014
Modification date: 05 Aug 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-4911
Description
A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its clients (CVE-2014-4911). The pdns package has been rebuilt against the updated polarssl library.
References
- https://bugs.mageia.org/show_bug.cgi?id=13764
- https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
- https://polarssl.org/tech-updates/releases/polarssl-1.3.8-released
- https://www.debian.org/security/2014/dsa-2981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4911
SRPMS
3/core
- polarssl-1.3.8-1.mga3
- pdns-3.3.1-1.3.mga3
4/core
- polarssl-1.3.8-1.mga4
- pdns-3.3.1-2.2.mga4