VDB
GCVE-110-MAGEIA-2016-54
GCVE-110-MAGEIA-2016-54
Advisory Published
Note: this package was called polarssl, but is now called mbed tls. The
PolarSSL software is now called mbed TLS.
Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before
1.3.14 allows remote SSL servers to cause a denial of service
(client crash) and possibly execute arbitrary code via a long hostname to
the server name indication (SNI) extension, which is not properly handled
when creating a ClientHello message (CVE-2015-5291).
Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before
1.3.14 allows remote SSL servers to cause a denial of service
(client crash) and possibly execute arbitrary code via a long session
ticket name to the session ticket extension, which is not properly
handled when creating a ClientHello message to resume a session
(CVE-2015-8036).
The mbedtls package has been updated to version 1.3.16, which contains
several other bug fixes, security fixes, and security enhancements.
The hiawatha package, which uses the polarssl/mbedtls library, has been
updated to version 9.13 for improved compatibility.
The belle-sip library package has been updated to version 1.4.2 for
improved compatibility and the linphone package has been rebuilt against
mbedtls.
The pdns package has also been rebuilt against mbedtls.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | pdns | 0 (affected), 3.3.3-1.1.mga5 (unaffected), 0 (affected), 3.3.3-1.1.mga5 (unaffected) | — |
| Mageia | xarchiver | 0 (affected), 0.5.4-1.1.mga5 (unaffected) | — |
| Mageia | linphone | 3.8.1-1.1.mga5 (unaffected), 0 (affected), 0 (affected), 3.8.1-1.1.mga5 (unaffected) | — |
| Mageia | mbedtls | 1.3.16-1.mga5 (unaffected), 0 (affected), 1.3.16-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | hiawatha | 0 (affected), 9.13-1.mga5 (unaffected), 0 (affected), 9.13-1.mga5 (unaffected) | — |
| Mageia | belle-sip | 0 (affected), 1.4.2-1.mga5 (unaffected), 0 (affected), 1.4.2-1.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.