MGASA-2018-0163

Source
https://advisories.mageia.org/MGASA-2018-0163.html
Import Source
https://advisories.mageia.org/MGASA-2018-0163.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0163
Published
2018-03-10T20:47:30Z
Modified
2022-01-22T02:45:17Z
Summary
Updated mbedtls and related packages fix security vulnerabilities
Details

The mbedtls package has been updated to fix several security issues.

Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 bytes on the peer's heap, which could potentially lead to a crash or remote code execution. The issue could be triggered remotely from either side in both TLS and DTLS. (CVE-2018-0488)

Fixed a buffer overflow in RSA-PSS verification when the hash was too large for the key size, which could potentially lead to a crash or remote code execution. (CVE-2018-0487)
