Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 504
Alerts This Week
Warning Icon 1 504

Fedora 21: FEDORA-2015-30a417bea9 Critical Mbedtls Remote Code Execution

fedora
Calendar Grey October 23, 2015
Dist Fedora Esm H88
The recent mbedtls update in Fedora provides crucial security enhancements addressing vulnerabilities related to remote execution and system stability issues.
- Update to 1.3.14 - CVE-2015-5291 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security notes:

Summary

Mbed TLS is a light-weight open source cryptographic and SSL/TLS

library written in C. Mbed TLS makes it easy for developers to include

cryptographic and SSL/TLS capabilities in their (embedded)

applications with as little hassle as possible.

FOSS License Exception:

Update Information:

- Update to 1.3.14 - CVE-2015-5291 Release notes: Security

Change Log

References


[ 1 ] Bug #1270170 - CVE-2015-5291 polarssl: mbedtls: crash or remote code execution on clients using session tickets or SNI https://bugzilla.redhat.com/show_bug.cgi?id=1270170

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mbedtls' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mbedtls
Product: Fedora 21
Version: 1.3.14
Release: 1.fc21
Summary: Light-weight cryptographic and SSL/TLS library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.