Updated mbedtls packages fix security vulnerability
Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-14032
Description
ARM mbed TLS before 1.3.21, 2.1.x before 2.1.9 and 2.x before 2.6.0, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates (CVE-2017-14032).
References
- https://bugs.mageia.org/show_bug.cgi?id=21645
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BIDCXCILJ7BZS2GBSR75NMKRUNLQD3R5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032
SRPMS
5/core
- mbedtls-1.3.21-1.mga5
6/core
- mbedtls-2.6.0-1.mga6
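
The version ranges in the description are per branch, so a single "older than 2.6.0" comparison misclassifies patched 2.1.x and 1.3.x builds. The following check is an added example, not part of the Mageia advisory or of mbed TLS; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases per branch, taken from the advisory description.
FIXED_1_3 = (1, 3, 21)
FIXED_2_1 = (2, 1, 9)
FIXED_2_X = (2, 6, 0)

# Matches a bare version ("2.1.8") or an RPM-style name ("mbedtls-2.6.0-1.mga6").
_NVR = re.compile(r"^(?:mbedtls-)?(\d+)\.(\d+)\.(\d+)(?:-.*)?$")


def parse_version(text):
    """Return the upstream version as a tuple of ints, ignoring the RPM release."""
    m = _NVR.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised mbedtls version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """Return True if the version falls in a range listed for CVE-2017-14032."""
    v = parse_version(text)
    if v[:2] == (2, 1):
        # The 2.1.x branch has its own fix: 2.1.9 sorts below 2.6.0 yet is patched.
        return v < FIXED_2_1
    if v[0] == 2:
        return v < FIXED_2_X
    if v[0] < 2:
        return v < FIXED_1_3
    return False  # later major versions are outside every listed range


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    inventory = [
        "mbedtls-1.3.20-1.mga5", "mbedtls-1.3.21-1.mga5",
        "mbedtls-2.1.8-1", "mbedtls-2.1.9-1",
        "mbedtls-2.5.1-1.mga6", "mbedtls-2.6.0-1.mga6",
    ]
    for pkg in inventory:
        print(f"{pkg:28} {'AFFECTED' if is_affected(pkg) else 'ok'}")
```

The input can come from `rpm -q mbedtls` output with the architecture suffix left on, since everything after the upstream version is ignored.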