[ubuntu/xenial-security] mbedtls 2.2.1-2ubuntu0.3 (Accepted)

Paulo Flabiano Smorigo pfsmorigo at canonical.com
Tue Feb 4 20:16:35 UTC 2020

mbedtls (2.2.1-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflows and sensitive information disclosures
    - debian/patches/CVE-2017-18187.patch: Prevent bounds check bypass through
      overflow in PSK identity.
    - debian/patches/CVE-2018-0487.patch: RSA: Fix buffer overflow in PSS
      signature verification.
    - debian/patches/CVE-2018-0488-1.patch: Fix heap corruption in
    - debian/patches/CVE-2018-0488-2.patch: Fix SSLv3 MAC computation.
    - debian/patches/CVE-2018-0497.patch: Fix Lucky13 attack protection when
      using HMAC-SHA-384.
    - debian/patches/CVE-2018-0498-1.patch: Fix Lucky13 cache attack on
      MD/SHA padding.
    - debian/patches/CVE-2018-0498-2.patch: Add counter-measure to cache-based
      Lucky 13.
    - debian/patches/CVE-2018-0498-3.patch: Avoid debug message that might
      leak length.
    - CVE-2017-18187
    - CVE-2018-0487
    - CVE-2018-0488
    - CVE-2018-0497
    - CVE-2018-0498
  * SECURITY UPDATE: Update some certificates for the tests
    - debian/patches/regenerate-test-files.patch: Regenerate test files from
      recent version.

Date: 2020-02-04 18:45:15.269294+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>