[ubuntu/xenial-updates] mbedtls 2.2.1-2ubuntu0.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Feb 4 20:58:13 UTC 2020
mbedtls (2.2.1-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflows and sensitive information disclosures
    - debian/patches/CVE-2017-18187.patch: Prevent bounds check bypass through
      overflow in PSK identity.
    - debian/patches/CVE-2018-0487.patch: RSA: Fix buffer overflow in PSS
      signature verification.
    - debian/patches/CVE-2018-0488-1.patch: Fix heap corruption in
      ssl_decrypt_buf.
    - debian/patches/CVE-2018-0488-2.patch: Fix SSLv3 MAC computation.
    - debian/patches/CVE-2018-0497.patch: Fix Lucky13 attack protection when
      using HMAC-SHA-384.
    - debian/patches/CVE-2018-0498-1.patch: Fix Lucky13 cache attack on
      MD/SHA padding.
    - debian/patches/CVE-2018-0498-2.patch: Add counter-measure to cache-based
      Lucky 13.
    - debian/patches/CVE-2018-0498-3.patch: Avoid debug message that might
      leak length.
    - CVE-2017-18187
    - CVE-2018-0487
    - CVE-2018-0488
    - CVE-2018-0497
    - CVE-2018-0498
  * SECURITY UPDATE: Update some certificates for the tests
    - debian/patches/regenerate-test-files.patch: Regenerate test files from
      recent version.
Date: 2020-02-04 18:45:15.269294+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mbedtls/2.2.1-2ubuntu0.3