Advisories » MGASA-2014-0481

Updated polarssl package fix security vulnerabilities

Publication date: 22 Nov 2014
Modification date: 22 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8627 , CVE-2014-8628

Description

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker
signature algorithm than available.  This has been fixed in PolarSSL 1.3.9
(CVE-2014-8627).

Two remotely-triggerable memory leaks were found by the Codenomicon Defensics
tool and fixed in PolarSSL 1.3.9 (CVE-2014-8628).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14472
• https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
• http://openwall.com/lists/oss-security/2014/11/06/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8627
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8628

SRPMS

3/core

• polarssl-1.3.9-1.mga3

4/core

• polarssl-1.3.9-1.mga4