Advisories » MGASA-2015-0185

Updated polarssl & hiawatha packages fix security vulnerabilities

Publication date: 05 May 2015
Modification date: 05 May 2015
Type: security
Affected Mageia releases : 4

Description

Updated hiawatha package fixes security vulnerabilities:

The hiawatha package included a bundled copy of PolarSSL 1.3.2, which was
vulnerable to several security issues that had already been fixed in the
system polarssl package.  These issues were CVE-2014-4911, CVE-2014-8627,
CVE-2014-8628, and CVE-2015-1182, which were fixed in MGASA-2014-0315,
MGASA-2014-0481, and MGASA-2015-0055.

The polarssl package has been adjusted so that hiawatha can use it, and
hiawatha has been rebuilt to use the updated system polarssl, fixing these
issues.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15391
• http://advisories.mageia.org/MGASA-2014-0315.html
• http://advisories.mageia.org/MGASA-2014-0481.html
• http://advisories.mageia.org/MGASA-2015-0055.html

SRPMS

4/core

• polarssl-1.3.9-1.2.mga4
• hiawatha-9.3-1.1.mga4