VDB

GCVE-110-MAGEIA-2016-54

GCVE-110-MAGEIA-2016-54
Advisory Published
Vulnetix · Advisory published February 9, 2016
Note: this package was called polarssl, but is now called mbed tls. The PolarSSL software is now called mbed TLS. Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message (CVE-2015-5291). Heap-based buffer overflow in mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session (CVE-2015-8036). The mbedtls package has been updated to version 1.3.16, which contains several other bug fixes, security fixes, and security enhancements. The hiawatha package, which uses the polarssl/mbedtls library, has been updated to version 9.13 for improved compatibility. The belle-sip library package has been updated to version 1.4.2 for improved compatibility and the linphone package has been rebuilt against mbedtls. The pdns package has also been rebuilt against mbedtls.

Affected Products

VendorProductVersionsPlatforms
Mageiapdns0 (affected), 3.3.3-1.1.mga5 (unaffected), 0 (affected), 3.3.3-1.1.mga5 (unaffected)
Mageiaxarchiver0 (affected), 0.5.4-1.1.mga5 (unaffected)
Mageialinphone3.8.1-1.1.mga5 (unaffected), 0 (affected), 0 (affected), 3.8.1-1.1.mga5 (unaffected)
Mageiambedtls1.3.16-1.mga5 (unaffected), 0 (affected), 1.3.16-1.mga5 (unaffected), 0 (affected)
Mageiahiawatha0 (affected), 9.13-1.mga5 (unaffected), 0 (affected), 9.13-1.mga5 (unaffected)
Mageiabelle-sip0 (affected), 1.4.2-1.mga5 (unaffected), 0 (affected), 1.4.2-1.mga5 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›