MGASA-2020-0265 - Updated mbedtls packages fix security vulnerability

Publication date: 16 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0265.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-10932

Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key. (CVE-2020-10932)

Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26758
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932

SRPMS:
- 7/core/mbedtls-2.16.6-1.mga7