Security update for mbedtls
This update for mbedtls fixes the following issues:
- CVE-2018-0487: Fixed a buffer overflow in RSASSA-PSS signature
verification, which allowed remote attackers to execute arbitrary code or
cause a denial of service via a crafted certificate chain. (boo#1080826)
- CVE-2018-0488: Fixed a heap vulnerability, which allowed remote
attackers to execute arbitrary code or cause a DoS via a crafted application
packet when the truncated HMAC extension and CBC are used. (boo#1080828)
- CVE-2017-18187: Fixed bound check in ssl_parse_client_psk_identity(), which
might lead to an overflow. (boo#1080973)
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1080973
VUL-0: CVE-2017-18187: mbedtls: bounds check bypass through overflow in PSK identity parsing
bnc#1080826
VUL-0: CVE-2018-0487 mbedtls: Risk of remote code execution when verifying RSASSA-PSS signatures
bnc#1080828
VUL-0: CVE-2018-0488 mbedtls: Risk of remote code execution when truncated HMAC is enabled
