Updated polarssl package fix security vulnerabilitiesPublication date: 22 Nov 2014
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8627 , CVE-2014-8628
A regression in PolarSSL 1.3.8 resulted in servers negotiating a weaker signature algorithm than available. This has been fixed in PolarSSL 1.3.9 (CVE-2014-8627). Two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in PolarSSL 1.3.9 (CVE-2014-8628).