mbedtls (2.2.1-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflows and sensitive information disclosures
    - debian/patches/CVE-2017-18187.patch: Prevent bounds check bypass through
      overflow in PSK identity.
    - debian/patches/CVE-2018-0487.patch: RSA: Fix buffer overflow in PSS
      signature verification.
    - debian/patches/CVE-2018-0488-1.patch: Fix heap corruption in
      ssl_decrypt_buf.
    - debian/patches/CVE-2018-0488-2.patch: Fix SSLv3 MAC computation.
    - debian/patches/CVE-2018-0497.patch: Fix Lucky13 attack protection when
      using HMAC-SHA-384.
    - debian/patches/CVE-2018-0498-1.patch: Fix Lucky13 cache attack on
      MD/SHA padding.
    - debian/patches/CVE-2018-0498-2.patch: Add counter-measure to cache-based
      Lucky 13.
    - debian/patches/CVE-2018-0498-3.patch: Avoid debug message that might
      leak length.
    - CVE-2017-18187
    - CVE-2018-0487
    - CVE-2018-0488
    - CVE-2018-0497
    - CVE-2018-0498
  * SECURITY UPDATE: Update some certificates for the tests
    - debian/patches/regenerate-test-files.patch: Regenerate test files from
      recent version.
Date: 2020-02-04 18:45:15.269294+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmor...@canonical.com>
https://launchpad.net/ubuntu/+source/mbedtls/2.2.1-2ubuntu0.3