[SECURITY] [DLA 129-1] polarssl security update

Package : polarssl Version : 1.2.9-1deb6u3 CVE ID : CVE-2014-8628 It was discovered that a memory leak in parsing X.509 certificates may result in denial of service...

[SECURITY] Fedora 20 Update: polarssl-1.2.12-1.fc20

PolarSSL is a light-weight open source cryptographic and SSL/TLS library written in C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible...

MGASA-2013-0353 Updated polarssl, pdns & ragel packages fix CVE-2013-5915

Updated polarssl packages fix security vulnerability: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount ...

MGASA-2013-0290 Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...