Package "mbedtls"
| Name: |
mbedtls
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- lightweight crypto and SSL/TLS library - crypto library
- lightweight crypto and SSL/TLS library - development files
- lightweight crypto and SSL/TLS library - documentation
- lightweight crypto and SSL/TLS library - tls library
|
| Latest version: |
2.2.1-2ubuntu0.3 |
| Release: |
xenial (16.04) |
| Level: |
updates |
| Repository: |
universe |
Links
Other versions of "mbedtls" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
|
mbedtls (2.2.1-2ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Buffer overflows and sensitive information disclousures
- debian/patches/CVE-2017-18187.patch: Prevent bounds check bypass through
overflow in PSK identity.
- debian/patches/CVE-2018-0487.patch: RSA: Fix buffer overflow in PSS
signature verification.
- debian/patches/CVE-2018-0488-1.patch: Fix heap corruption in
ssl_decrypt_buf.
- debian/patches/CVE-2018-0488-2.patch: Fix SSLv3 MAC computation.
- debian/patches/CVE-2018-0497.patch: Fix Lucky13 attack protection when
using HMAC-SHA-384.
- debian/patches/CVE-2018-0498-1.patch: Fix Lucky13 cache attack on
MD/SHA padding.
- debian/patches/CVE-2018-0498-2.patch: Add counter-measure to cache-based
Lucky 13.
- debian/patches/CVE-2018-0498-3.patch: Avoid debug message that might
leak length.
- CVE-2017-18187
- CVE-2018-0487
- CVE-2018-0488
- CVE-2018-0497
- CVE-2018-0498
* SECURITY UPDATE: Update some certificates for the tests
- debian/patches/regenerate-test-files.patch: Regenerate test files from
recent version.
-- Paulo Flabiano Smorigo <email address hidden> Tue, 04 Feb 2020 12:56:35 +0000
|
| Source diff to previous version |
| CVE-2017-18187 |
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity |
| CVE-2018-0487 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer ov |
| CVE-2018-0488 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute a |
| CVE-2018-0497 |
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuit |
| CVE-2018-0498 |
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) vi |
|
|
mbedtls (2.2.1-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: If optional authentication is configured, allows
remote attackers to bypass peer authentication via an X.509 certificate
chain with many intermediates. (LP: #1714640)
- debian/patches/CVE-2017-14032.patch, backport two upstream patches to
return and handle a new "fatal error" error code in case of long
certificate chains.
- CVE-2017-14032
-- James Cowgill <email address hidden> Wed, 06 Sep 2017 21:00:51 +0100
|
| Source diff to previous version |
|
mbedtls (2.2.1-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Freeing of memory allocated on stack when validating
a public key with a secp224k1 curve. (LP: #1672686)
- debian/patches/CVE-2017-2784.patch: fix buffer size calculations in
library/ecp_curves.c.
- CVE-2017-2784
-- James Cowgill <email address hidden> Fri, 17 Mar 2017 09:36:37 +0000
|
| 1672686 |
CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve |
|
About
-
Send Feedback to @ubuntu_updates
