File _patchinfo of Package patchinfo.7802

<patchinfo incident="7802">
  <issue id="1080973" tracker="bnc">VUL-0: CVE-2017-18187: mbedtls: bounds check bypass through overflow in PSK identity parsing</issue>
  <issue id="1080826" tracker="bnc">VUL-0: CVE-2018-0487 mbedtls: Risk of remote code execution when verifying RSASSA-PSS signatures</issue>
  <issue id="1080828" tracker="bnc">VUL-0: CVE-2018-0488 mbedtls: Risk of remote code execution when truncated HMAC is enabled</issue>
  <issue id="2018-0488" tracker="cve" />
  <issue id="2018-0487" tracker="cve" />
  <issue id="2017-18187" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for mbedtls fixes the following issues:

- CVE-2018-0487: Fixed a buffer overflow in RSASSA-PSS signature
  verification, which allowed remote attackers to execute arbitrary code or
  cause a denial of service via a crafted certificate chain. (boo#1080826)
- CVE-2018-0488: Fixed a heap vulnerability, which allowed remote
  attackers to execute arbitrary code or cause a DoS via a crafted application
  packet when the truncated HMAC extension and CBC are used. (boo#1080828)
- CVE-2017-18187: Fixed the bounds check in ssl_parse_client_psk_identity();
  the previous check might lead to an overflow. (boo#1080973)
</description>
  <summary>Security update for mbedtls</summary>
</patchinfo>