VDB

MAGEIA-2018-432

MAGEIA-2018-432 PUBLISHED

Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing side-channels (CVE-2018-0497). Fixed a vulnerability in TLS ciphersuites based on CBC, in DTLS/TLS 1.0 to 1.2, that allowed a local attacker, with the ability to execute code on the local machine as well as to manipulate network packets, to partially recover the plaintext of messages under certain conditions (CVE-2018-0498). Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing (no CVE assigned).

Affected Products

VendorProductVersions
Mageiambedtls0, 2.7.6-1.mga6

Timeline

  • Nov 3, 2018 CVE Updated
  • Nov 3, 2018 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›