CVE-2018-0488

Several security issues were fixed in mbedtls ...

Debian Bug report logs - #890287 mbedtls: CVE-2018-0488 - Risk of remote code execution when truncated HMAC is enabled Package: src:mbedtls; Maintainer for src:mbedtls is James Cowgill <jcowgill@debianorg>; Reported by: James Cowgill <jcowgill@debianorg> Date: Mon, 12 Feb 2018 23:27:02 UTC Severity: grave Tags: sec ...

Debian Bug report logs - #890288 mbedtls: CVE-2018-0487 - Risk of remote code execution when verifying RSASSA-PSS signatures Package: src:mbedtls; Maintainer for src:mbedtls is James Cowgill <jcowgill@debianorg>; Reported by: James Cowgill <jcowgill@debianorg> Date: Mon, 12 Feb 2018 23:30:02 UTC Severity: grave Tag ...

Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code For the stable distribution (stretch), these problems have been fixed in version 242-1+deb9u2 We recommend that you upgrade your mbedtls ...

Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 139-21+deb8u3 We recommend that you upgrade your pol ...

ARM mbed TLS before 270, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session ...