Advisories » MGASA-2024-0146

Updated mbedtls packages fix security vulnerability

Publication date: 25 Apr 2024
Modification date: 25 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28960

Description

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8
and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles
shared memory. (CVE-2024-28960)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33120
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960

SRPMS

9/core

• mbedtls-2.28.8-1.mga9