Advisories ยป MGASA-2014-0481

Updated polarssl package fix security vulnerabilities

Publication date: 22 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8627 , CVE-2014-8628

Description

A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker
signature algorithm than available.  This has been fixed in PolarSSL 1.3.9
(CVE-2014-8627).

Two remotely-triggerable memory leaks were found by the Codenomicon Defensics
tool and fixed in PolarSSL 1.3.9 (CVE-2014-8628).
                

References

SRPMS

4/core

3/core