Bugs fixes in "mbedtls"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2018-0498 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) vi | 2020-02-05 |
| CVE | CVE-2018-0497 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuit | 2020-02-05 |
| CVE | CVE-2018-0488 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute a | 2020-02-05 |
| CVE | CVE-2018-0487 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer ov | 2020-02-05 |
| CVE | CVE-2017-18187 | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity | 2020-02-05 |
| CVE | CVE-2018-0498 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) vi | 2020-02-04 |
| CVE | CVE-2018-0497 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuit | 2020-02-04 |
| CVE | CVE-2018-0488 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute a | 2020-02-04 |
| CVE | CVE-2018-0487 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer ov | 2020-02-04 |
| CVE | CVE-2017-18187 | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity | 2020-02-04 |
| Launchpad | 1672686 | CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve | 2017-03-24 |
| Launchpad | 1672686 | CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve | 2017-03-24 |
About
-
Send Feedback to @ubuntu_updates
