Lucene search

470 matches found

OPENSUSE Linux
added yesterday, 2 views

Security update for ovmf (important)

openSUSE security update: security update for ovmf. Announcement ID: openSUSE-SU-2026:20875-1. Rating: important. References: bsc1261469 bsc1261476 bsc1261477 bsc1261478. Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835...

CVSS 8.7, AI score 6, EPSS 0.00079
Exploits: 0, References: 4

AstraLinux
added 2026/05/20 5:53 a.m., 13 views

Astra Linux - vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinates of the result of scalar multiplication by...

CVSS 4.7, AI score 6.2, EPSS 0.00044
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in mbedtls

Mbed TLS versions before 3.0.1 have a double-free error under certain out-of-memory conditions, as demonstrated by a failure in the mbedtls_ssl_set_session function...

CVSS 9.8, AI score 7.2, EPSS 0.00954
Exploits: 1, References: 1

Tenable Nessus
added 2026/05/19 12:0 a.m., 5 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1952-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1952-1 advisory. This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509_inet_pton_ipv6 bsc1261476. -...

CVSS 7.7, AI score 6, EPSS 0.00079
Exploits: 0, References: 13

SUSE Linux
added 2026/05/18 7:52 a.m., 6 views

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2026-25833: mbedtls: buffer underflow in x509_inet_pton_ipv6 bsc1261476. CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. CVE-2026-34874: mbedtls: NULL pointer...

CVSS 8.7, AI score 5.9, EPSS 0.00079
Exploits: 0, References: 16

Hacker One
added 2026/05/13 11:33 p.m., 11 views

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPT_SSL_VERIFYHOST-bypass-when-CURLOPT_SSL_VERIFYPEER=0 defect exists in three of curl's TLS backends: rustls (EXPERIMENTAL), mbedTLS, and wolfSSL (DNS hostnames only). The documented contract at docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md:57-59: The check that the host name in the...

CVSS 5.8, AI score 6.5, EPSS 0.01626
Exploits: 0

EUVD
added 2026/05/11 5:52 a.m., 6 views

EUVD-2026-29033

Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls_ssl_conf_min_tls_version). The ClientHello advertises both versions and the peer can...

CVSS 5.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1

Cvelist
added 2026/05/11 5:52 a.m., 31 views

CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets

Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls_ssl_conf_min_tls_version). The ClientHello advertises both versions and the peer can...

CVSS 5.3, EPSS 0.00047
Exploits: 0, References: 1

CNNVD
added 2026/05/11 12:0 a.m., 3 views

Zephyr security vulnerability

Zephyr is an open-source, scalable real-time operating system (RTOS) developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTO_TLS_1_3. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...

CVSS 5.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1

Positive Technologies
added 2026/05/11 12:0 a.m., 4 views

PT-2026-39574

Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls_ssl_conf_min_tls_version). The ClientHello advertises both versions and the...

CVSS 5.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-26529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...

CVSS 9.1, AI score 7.3, EPSS 0.00334
Exploits: 1, References: 2

Hacker One
added 2026/05/06 7:20 p.m., 12 views

curl: mbedTLS private-key blob null-termination asymmetry in lib/vtls/mbedtls.c (mbed_load_privkey)

Summary: In lib/vtls/mbedtls.c, function mbed_load_privkey (lines 653-738) passes raw sslkeyblob-data and sslkeyblob-len directly to mbedtls_pk_parse_key at lines 706-708 (mbedTLS 4.x branch) and 718-722 (mbedTLS 3.x branch), without ensuring null-termination. The mbedTLS API contract for mbedtls_pk_parse_key...

AI score 5.7
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 1 views

ROOT-OS-DEBIAN-12-CVE-2025-52496 CVE-2025-52496 in rootio-mbedtls - Patched by Root

Root has patched CVE-2025-52496 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.8, AI score 5.4, EPSS 0.00085
Exploits: 1

OSV
added 2026/05/05 2:56 p.m., 1 views

ROOT-OS-DEBIAN-12-CVE-2026-34872 CVE-2026-34872 in rootio-mbedtls - Patched by Root

Root has patched CVE-2026-34872 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 1 views

ROOT-OS-DEBIAN-12-CVE-2024-28960 CVE-2024-28960 in rootio-mbedtls - Patched by Root

Root has patched CVE-2024-28960 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 8.2, AI score 5.4, EPSS 0.0015
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 1 views

ROOT-OS-DEBIAN-12-CVE-2026-34873 CVE-2026-34873 in rootio-mbedtls - Patched by Root

Root has patched CVE-2026-34873 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 9.1, AI score 5.8, EPSS 0.00039
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 2 views

ROOT-OS-DEBIAN-12-CVE-2025-27809 CVE-2025-27809 in rootio-mbedtls - Patched by Root

Root has patched CVE-2025-27809 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 5.4, AI score 5.4, EPSS 0.0014
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 2 views

ROOT-OS-DEBIAN-12-CVE-2024-23170 CVE-2024-23170 in rootio-mbedtls - Patched by Root

Root has patched CVE-2024-23170 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 5.5, AI score 5.4, EPSS 0.00208
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 1 views

ROOT-OS-DEBIAN-12-CVE-2025-52497 CVE-2025-52497 in rootio-mbedtls - Patched by Root

Root has patched CVE-2025-52497 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 4.8, AI score 5.4, EPSS 0.00365
Exploits: 0

OSV
added 2026/05/05 2:56 p.m., 0 views

ROOT-OS-DEBIAN-12-CVE-2024-23775 CVE-2024-23775 in rootio-mbedtls - Patched by Root

Root has patched CVE-2024-23775 in the rootio-mbedtls package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.5, AI score 5.4, EPSS 0.00394
Exploits: 0