8 matches found
MGASA-2024-0037 Updated mbedtls packages fix security vulnerabilities
This update brings the mbedtls packages from 2.28.3 to the latest 2.28.7 release in the LTS branch, fixing a number of bugs as well as the following security vulnerabilities: - Buffer overread in TLS stream cipher suites. - Timing side channel in private key RSA operations. - Buffer overflow in...
MGASA-2022-0415 Updated mbedtls packages fix security vulnerability
An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled would read past the end of the message up to the declared length of the cookie. This...
MGASA-2020-0293 Updated mbedtls packages fix security vulnerability
Updated mbedtls packages fix security vulnerabilities: Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Fix side channel in mbedtls_ecp_check_pub_priv and mbedtls_pk_parse_key / mbedtls_pk_parse_keyfile when loading a private key that...
MGASA-2020-0265 Updated mbedtls packages fix security vulnerability
Updated mbedtls packages fix security vulnerability: Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key (CVE-2020-10932). Fi...
MGASA-2019-0027 Updated mbedtls packages fix security vulnerability
A vulnerability was found in mbedTLS which allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DHE cipher suites (CVE-2018-19608)...
MGASA-2018-0432 Updated mbedtls packages fix security vulnerabilities
Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certain conditions by exploiting timing...
MGASA-2018-0253 Updated mbedtls packages fix security issues
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that...
MGASA-2018-0038 Updated mbedtls packages fix security vulnerability
ARM mbed TLS before 1.3.21, 2.1.x before 2.1.9 and 2.x before 2.6.0, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates (CVE-2017-14032)...