diff options
| author | tijl <tijl@FreeBSD.org> | 2018-04-24 03:17:27 +0800 |
|---|---|---|
| committer | tijl <tijl@FreeBSD.org> | 2018-04-24 03:17:27 +0800 |
| commit | 5dff586acc0097d85d450c1e54073284a2ed787f (patch) | |
| tree | 85657076aebd1768f3379364291c90e469e0d078 | |
| parent | 2b356680bf2046bf286eeddd8e4bb4f3703d9101 (diff) | |
| download | freebsd-ports-gnome-5dff586acc0097d85d450c1e54073284a2ed787f.tar.gz freebsd-ports-gnome-5dff586acc0097d85d450c1e54073284a2ed787f.tar.zst freebsd-ports-gnome-5dff586acc0097d85d450c1e54073284a2ed787f.zip | |
Document mbed TLS vulnerabilities
Security: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 47f7892eb0e7..dcf44d75df1d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,48 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d8382a69-4728-11e8-ba83-0011d823eebd"> + <topic>mbed TLS (PolarSSL) -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mbedtls</name> + <range><lt>2.7.2</lt></range> + </package> + <package> + <name>polarssl13</name> + <range><ge>*</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Simon Butcher reports:</p> + <blockquote cite="https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released"> + <ul> + <li>Defend against Bellcore glitch attacks by verifying the results + of RSA private key operations.</li> + <li>Fix implementation of the truncated HMAC extension. The + previous implementation allowed an offline 2^80 brute force + attack on the HMAC key of a single, uninterrupted connection + (with no resumption of the session).</li> + <li>Reject CRLs containing unsupported critical extensions. Found + by Falko Strenzke and Evangelos Karatsiolis.</li> + <li>Fix a buffer overread in ssl_parse_server_key_exchange() that + could cause a crash on invalid input.</li> + <li>Fix a buffer overread in ssl_parse_server_psk_hint() that could + cause a crash on invalid input.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released</url> + </references> + <dates> + <discovery>2018-03-21</discovery> + <entry>2018-04-23</entry> + </dates> + </vuln> + <vuln vid="57aec168-453e-11e8-8777-b499baebfeaf"> <topic>MySQL -- multiple vulnerabilities</topic> <affects> |