Security update for polarssl
polarssl was updated to version 1.3.9 to fix two security issues.
These security issues were fixed:
- Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (CVE-2014-8627).
- Remotely-triggerable memory leak when parsing some X.509 certificates (CVE-2014-8628).
-
Submitted by
Mariusz Fik (Fisiu)
Fixed bugs
bnc#903672
VUL-0: CVE-2014-8627: polarssl: polarssl 1.3.8 used in a server picks weaker signature algorithm than available
bnc#903671
hiawatha fails to start due to missing POLARSSL_THREADING_PTHREAD flag in polarssl
