Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Fedora 23 mbedtls Update: CVE-2015-5291 Critical Remote Execute Threat

fedora
Calendar Grey November 1, 2015
Dist Fedora Esm H88
Fedora 24 mbedtls patch resolves CVE-2016-1234 improving safety and performance standards significantly.
- Update to 2.1.2 - CVE-2015-5291 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security notes:

Summary

Mbed TLS is a light-weight open source cryptographic and SSL/TLS

library written in C. Mbed TLS makes it easy for developers to include

cryptographic and SSL/TLS capabilities in their (embedded)

applications with as little hassle as possible.

FOSS License Exception:

Update Information:

- Update to 2.1.2 - CVE-2015-5291 Release notes: Security

Change Log

References


[ 1 ] Bug #1270170 - CVE-2015-5291 polarssl: mbedtls: crash or remote code execution on clients using session tickets or SNI https://bugzilla.redhat.com/show_bug.cgi?id=1270170

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mbedtls' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mbedtls
Product: Fedora 23
Version: 2.1.2
Release: 1.fc23
Summary: Light-weight cryptographic and SSL/TLS library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.