13 matches found
Debian: Security Advisory (DLA-331-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : mbedtls-1.3.14-1.fc22 (2015-7f939b3af5)
Update to 1.3.14 - CVE-2015-5291 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1 .2.17-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mb edtls-security- advisory-2015-01 Note that Tenable Network Security has...
Fedora 23 : mbedtls-2.1.2-1.fc23 (2015-e22bb33731)
Update to 2.1.2 - CVE-2015-5291 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1 .2.17-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mb edtls-security- advisory-2015-01 Note that Tenable Network Security has...
Fedora 21 : mbedtls-1.3.14-1.fc21 (2015-30a417bea9)
Update to 1.3.14 - CVE-2015-5291 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1 .2.17-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mb edtls-security- advisory-2015-01 Note that Tenable Network Security has...
Mageia: Security Advisory (MGASA-2016-0054)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3468-1] polarssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3468-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 06, 2016 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3468-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : polarssl (openSUSE-2015-962)
This update for polarssl fixes the following security issue : - CVE-2015-5291: Remote code execution via session tickets or SNI boo949380 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : mbedtls (openSUSE-2015-898)
This update for mbedtls fixes the following security and non-security issues : - Update to 1.3.15 - Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. - Fix potential heap corruption on windows...
CVE-2015-5291
CVE-2015-5291 and CVE-2015-8036 describe heap-based buffer overflows in PolarSSL (mbed TLS) that affect PolarSSL 1.x before 1.2.17 and mbed TLS 1.3.x before 1.3.14 and 2.x before 2.1.2. The flaw stems from improper boundary handling of the hostname/SNI extension in ClientHello, enabling remote at...
Fedora Update for mbedtls FEDORA-2015-7
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : mbedTLS/PolarSSL -- DoS and possible remote code execution (07a1a76c-734b-11e5-ae81-14dae9d210b8)
ARM Limited reports : When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow : the...