490 matches found
Fedora 22 : mbedtls-1.3.16-1.fc22 (2016-11cca392ff)
Update to 1.3.16 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl .1.2.19-released Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
Fedora 21 : mbedtls-1.3.14-1.fc21 (2015-30a417bea9)
Update to 1.3.14 - CVE-2015-5291 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1 .2.17-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mb edtls-security- advisory-2015-01 Note that Tenable Network Security has...
Fedora 23 : mbedtls-2.2.1-1.fc23 (2016-b3784096ef)
Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl .1.2.19-released ---- - Update to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl .1.2.18-released Note that Tenable Network...
openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
mbedtls: man-in-the-middle
mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...
openSUSE Security Update : mbedtls (openSUSE-2016-59) (SLOTH)
This update to mbedtls 1.3.16 fixes the following security issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication boo961284 - boo961290: potential double free during certificate generation %NASLMINLEVEL 70300 ...
Fedora Update for mbedtls FEDORA-2016-11
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication (4084168e-b531-11e5-a98c-0011d823eebd)
ARM Limited reports : MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL. %NASLMINLEVEL 70300 C Tenable Network Security...
mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL...
openSUSE Security Update : mbedtls (openSUSE-2015-898)
This update for mbedtls fixes the following security and non-security issues : - Update to 1.3.15 - Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. - Fix potential heap corruption on windows...
Security update for mbedtls (important)
This update for mbedtls fixes the following security and non-security issues: - Update to 1.3.15 Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. Fix potential heap corruption on windows when...
Fedora Update for mbedtls FEDORA-2015-30
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mbedtls FEDORA-2015-7
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 21 Update: mbedtls-1.3.14-1.fc21
Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible. FOSS License Exception:...
mbedtls: arbitrary code execution
When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension an...
FreeBSD : mbedTLS/PolarSSL -- DoS and possible remote code execution (07a1a76c-734b-11e5-ae81-14dae9d210b8)
ARM Limited reports : When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow : the...
FreeBSD : mbedTLS/PolarSSL -- multiple vulnerabilities (5d280761-6bcf-11e5-9909-002590263bf5)
ARM Limited reports : Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...
FreeBSD : mbedTLS/PolarSSL -- multiple vulnerabilities (953aaa57-6bce-11e5-9909-002590263bf5)
ARM Limited reports : In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits. In addition the default size for the Diffie-Hellman parameters on t...
mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...
mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports: Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...