Advisories ยป MGASA-2020-0370

Updated mbedtls packages fix security vulnerabilities

Publication date: 27 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-16150

Description

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier
releases:

Local side channel attack on classical CBC decryption in (D)TLS
(CVE-2020-16150).

Local side channel attack on RSA and static Diffie-Hellman.

Protocol weakness in DHE-PSK key exchange.
                

References

SRPMS

7/core