Bug 562608 - <net-libs/mbedtls-2.1.2: crash or remote code execution on clients using session tickets or SNI (CVE-2015-5291)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://tls.mbed.org/tech-updates/sec...
Whiteboard: B1 [glsa cve]
Blocks: CVE-2015-5291
Reported: 2015-10-08 21:45 UTC by Julian Ospald
Modified: 2017-06-20 17:45 UTC
Description Julian Ospald 2015-10-08 21:45:43 UTC
Denial of service and possible remote code execution, see $URL for full description. Severity rated high by upstream.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-17 22:20:45 UTC
Is PolarSSL done? I do not see anything higher than 1.3.9
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-29 16:07:18 UTC
Ping on the question above?
Comment 4 Thomas Sachau gentoo-dev 2017-05-13 13:53:58 UTC
Sorry, I have been and am still pretty busy, but for now checked the remaining packages depending on polarssl. I have opened bugs for them, bug 618354 tracks them.
Comment 5 Thomas Deutschmann gentoo-dev Security 2017-06-03 12:31:02 UTC
I split out net-libs/polarssl into bug 620502.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-06-20 17:45:52 UTC
This issue was resolved and addressed in
 GLSA 201706-18 at https://security.gentoo.org/glsa/201706-18
by GLSA coordinator Kristian Fiskerstrand (K_F).