Security update for mbedtls
This update to mbedtls 1.3.16 fixes the following security issues:
* CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (boo#961284)
* boo#961290: potential double free during certificate generation
-
Submitted by
Martin Pluskal (pluskalm)
Fixed bugs
bnc#961284
VUL-0: CVE-2015-7575: mbedtls, polarssl: SLOTH attack
bnc#961290
VUL-1: mbedtls, polarssl: potential double free during certificate generation
