MGASA-2020-0265

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0265.html

Import Source

https://advisories.mageia.org/MGASA-2020-0265.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0265

Related

CVE-2020-10932

Published

2020-06-16T07:45:15Z

Modified

2020-06-16T07:06:19Z

Summary

Updated mbedtls packages fix security vulnerability

Details

Updated mbedtls packages fix security vulnerability

Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key. (CVE-2020-10932)

Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message.

References

https://advisories.mageia.org/MGASA-2020-0265.html
https://bugs.mageia.org/show_bug.cgi?id=26758
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0265

Affected packages