Lucene search
Gentoo FoundationMGASA-2018-0163HistoryMar 10, 2018 - 11:47 p.m.
Updated mbedtls and related packages fix security vulnerabilities
2018-03-1023:47:30
Gentoo Foundation
advisories.mageia.org
10
0.069 Low
EPSS
Percentile
93.9%
The mbedtls package has been updated to fix several security issues. Fixed a heap corruption issue in the implementation of the truncated HMAC extension. When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet could be used to selectively corrupt 6 bytes on the peer’s heap, which could potentially lead to crash or remote code execution. The issue could be triggered remotely from either side in both TLS and DTLS. (CVE-2018-0488) Fixed a buffer overflow in RSA-PSS verification when the hash was too large for the key size, which could potentially lead to crash or remote code execution. (CVE-2018-0487)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | mbedtls | < 2.7.0-1 | mbedtls-2.7.0-1.mga6 |
| Mageia | 6 | noarch | shadowsocks-libev | < 3.1.0-1.1 | shadowsocks-libev-3.1.0-1.1.mga6 |
| Mageia | 6 | noarch | bctoolbox | < 0.2.0-4.1 | bctoolbox-0.2.0-4.1.mga6 |
| Mageia | 6 | noarch | hiawatha | < 10.4-1.1 | hiawatha-10.4-1.1.mga6 |
| Mageia | 6 | noarch | dolphin-emu | < 5.0-5.1 | dolphin-emu-5.0-5.1.mga6 |
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0163)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4138-1)
2018-03-14 00:00:00
Fedora Update for mbedtls FEDORA-2018-eb58dc8a6f
2018-03-01 00:00:00
nessus
nessus
FreeBSD : mbed TLS (PolarSSL) -- remote code execution (c2f107e1-2493-11e8-b3e8-001cc0382b2f)
2018-03-12 00:00:00
openSUSE Security Update : mbedtls (openSUSE-2018-186)
2018-02-21 00:00:00
Debian DSA-4138-1 : mbedtls - security update
2018-03-16 00:00:00
archlinux
archlinux
[ASA-201802-15] mbedtls: arbitrary code execution
2018-02-24 00:00:00
freebsd
freebsd
mbed TLS (PolarSSL) -- remote code execution
2018-02-05 00:00:00
debian
debian
[SECURITY] [DSA 4147-1] polarssl security update
2018-03-21 14:27:39
[SECURITY] [DSA 4138-1] mbedtls security update
2018-03-15 10:47:18
[SECURITY] [DSA 4147-1] polarssl security update
2018-03-21 14:28:00
osv
osv
polarssl - security update
2018-03-21 00:00:00
mbedtls - security update
2018-03-15 00:00:00
CVE-2018-0487
2018-02-13 15:29:00
gentoo
gentoo
mbed TLS: Multiple vulnerabilites
2018-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: mbedtls-2.7.0-1.fc27
2018-02-28 17:10:35
[SECURITY] Fedora 26 Update: mbedtls-2.7.0-1.fc26
2018-02-28 16:44:37
alpinelinux
alpinelinux
CVE-2018-0487
2018-02-13 15:29:00
CVE-2018-0488
2018-02-13 15:29:00
ubuntucve
ubuntucve
CVE-2018-0487
2018-02-13 00:00:00
CVE-2018-0488
2018-02-13 00:00:00
ubuntu
ubuntu
ARM mbed TLS vulnerabilities
2020-02-05 00:00:00
prion
prion
Buffer overflow
2018-02-13 15:29:00
Design/Logic Flaw
2018-02-13 15:29:00
cvelist
cvelist
CVE-2018-0487
2018-02-13 15:00:00
CVE-2018-0488
2018-02-13 15:00:00
debiancve
debiancve
CVE-2018-0487
2018-02-13 15:29:00
CVE-2018-0488
2018-02-13 15:29:00
cve
cve
CVE-2018-0487
2018-02-13 15:29:00
CVE-2018-0488
2018-02-13 15:29:00