MGASA-2019-0027

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0027.html

Import Source

https://advisories.mageia.org/MGASA-2019-0027.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0027

Related

CVE-2018-19608

Published

2019-01-10T10:53:49Z

Modified

2019-01-10T10:13:37Z

Summary

Updated mbedtls packages fix security vulnerability

Details

A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites (CVE-2018-19608).

References

https://advisories.mageia.org/MGASA-2019-0027.html
https://bugs.mageia.org/show_bug.cgi?id=24064
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.0-2.7.7-and-2.1.16-released
https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JPMHKBJDZVFFML2CJYXG3ELX7ADDG6ET/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2019-0027

Affected packages