SUSE-SU-2026:1952-1 Security update for ovmf

This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...

SUSE CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

Linux Distros Unpatched Vulnerability : CVE-2026-25834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. CVE-2026-25834 Note that Nessus relies on the presence of the package as reported by the vendo...

CVE-2026-25834

A flaw was found in Mbed TLS. A remote attacker could exploit this vulnerability by performing an algorithm downgrade attack. This could lead to a reduction in the security strength of cryptographic operations, potentially allowing for information disclosure or denial of service. Mitigation...

EUVD-2026-17967

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

ALPINE-CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

UBUNTU-CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

PT-2026-29578

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.3.0 through 3.6.5 and version 4.0.0 Description The Mbed TLS software contains a flaw related to Algorithm Downgrade. Recommendations Update to a version later than 3.6.5. Update to a version later than 4.0.0...

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions 3.3.0 to 3.6.5, as well as 4.0.0, of Mbed TLS contain security vulnerabilities due to a vulnerability that allows for algorithm downgrading...

CVE-2026-25834

CVE-2026-25834 is disclosed in the OpenSUSE/SUSE advisories linked to ovmf and is tied to mbed TLS 3.6.x. The OpenSUSE OpenSUSE-SU-2026:20875-1 advisory describes CVE-2026-25834 as: the client accepts a signature algorithm chosen by the server even if it was not advertised in the client hello. Th...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview bthome-ble is a BThome BLE support Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' due to insufficient enforcement of encryption requirements in the parsebthomev1 and parsebthomev2 functions in...

CVE-2025-11934

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...