Updated mbedtls and related packages fix security vulnerabilities
Publication date: 10 Mar 2018Modification date: 22 Jan 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0488 , CVE-2018-0487
Description
The mbedtls package has been updated to fix several security issues. Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 bytes on the peer's heap, which could potentially lead to crash or remote code execution. The issue could be triggered remotely from either side in both TLS and DTLS. (CVE-2018-0488) Fixed a buffer overflow in RSA-PSS verification when the hash was too large for the key size, which could potentially lead to crash or remote code execution. (CVE-2018-0487)
References
- https://bugs.mageia.org/show_bug.cgi?id=22653
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.7.0-2.1.10-and-1.3.22-released
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487
SRPMS
6/tainted
- dolphin-emu-5.0-5.1.mga6
6/core
- mbedtls-2.7.0-1.mga6
- shadowsocks-libev-3.1.0-1.1.mga6
- bctoolbox-0.2.0-4.1.mga6
- hiawatha-10.4-1.1.mga6