Advisories » MGASA-2018-0253

Updated mbedtls packages fix security issues

Publication date: 24 May 2018
Modification date: 24 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9988 , CVE-2018-9989

Description

CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before
2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that
could cause a crash on invalid input.
CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before
2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could
cause a crash on invalid input.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22914
• https://lists.opensuse.org/opensuse-updates/2018-04/msg00051.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989

SRPMS

6/tainted

• dolphin-emu-5.0-5.2.mga6.tainted

6/core

• bctoolbox-0.2.0-4.2.mga6
• hiawatha-10.4-1.2.mga6
• mbedtls-2.7.3-1.mga6
• shadowsocks-libev-3.1.0-1.2.mga6