Advisories » MGASA-2017-0030

Updated mbedtls packages fix security vulnerability

Publication date: 29 Jan 2017
Modification date: 29 Jan 2017
Type: security
Affected Mageia releases : 5

Description

The mbedtls package has been updated to version 1.3.18, which removes a
non-default configuration option that could lead to session key recovery
in very long TLS sessions and fixes a potential stack corruption that
cannot be triggered remotely.  It also fixes several bugs.

See the upstream release announcement for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20162
• https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.0-2.1.6-and-1.3.18-released

SRPMS

5/core

• mbedtls-1.3.18-1.mga5