Since there is nothing left to sponsor, I am unsubscribing ubuntu-security-sponsors. Please re-subscribe the group when attaching another debdiff. Thanks!

** Also affects: polarssl (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: mbedtls (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: polarssl (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: mbedtls (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Changed in: mbedtls (Ubuntu Xenial)
       Status: New => Fix Released

** Changed in: mbedtls (Ubuntu Yakkety)
       Status: New => Fix Committed

** Changed in: mbedtls (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** Changed in: polarssl (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: polarssl (Ubuntu Yakkety)
       Status: New => Confirmed

https://bugs.launchpad.net/bugs/1672686

Title: CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

Status in mbedtls package in Ubuntu: Fix Released
Status in polarssl package in Ubuntu: Incomplete
Status in mbedtls source package in Xenial: Fix Released
Status in polarssl source package in Xenial: Confirmed
Status in mbedtls source package in Yakkety: Fix Released
Status in polarssl source package in Yakkety: Confirmed
Status in mbedtls package in Debian: Fix Released
Status in polarssl package in Debian: Confirmed

Bug description:
The following security bug was published for mbedtls:

Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

[Vulnerability]
If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack.

[Impact]
Depending on the platform, this could result in a Denial of Service (client crash) or potentially could be exploited to allow remote code execution with the same privileges as the host application.

[Resolution]
Affected users should upgrade to mbed TLS 1.3.19, mbed TLS 2.1.7 or mbed TLS 2.4.2.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01