Updated mbedtls packages fix security issues
Publication date: 24 May 2018Modification date: 24 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9988 , CVE-2018-9989
Description
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
References
SRPMS
6/core
- bctoolbox-0.2.0-4.2.mga6
- hiawatha-10.4-1.2.mga6
- mbedtls-2.7.3-1.mga6
- shadowsocks-libev-3.1.0-1.2.mga6
6/tainted
- dolphin-emu-5.0-5.2.mga6.tainted