Explore top 10 tips to secure your open-source projects now. Read More
×
This update for mbedtls fixes the following security and non-security
issues:
- Update to 1.3.15
* Fix potential double free if ssl_set_psk() is called more than once
and some allocation fails. Cannot be forced remotely. Found by Guido
Vranken, Intelworks.
* Fix potential heap corruption on windows when x509_crt_parse_path() is
passed a path longer than 2GB. Cannot be triggered remotely. Found by
Guido Vranken, Intelworks.
* Fix potential buffer overflow in some asn1_write_xxx() functions.
Cannot be triggered remotely unless you create X.509 certificates based
on untrusted input or write keys of untrusted origin. Found by Guido
Vranken, Intelworks.
* The x509 max_pathlen constraint was not enforced on intermediate
certificates. Found by Nicholas Wilson, fix and tests provided by
Janos Follath. #280 and #319
* Self-signed certificates were not excluded from pathlen counting,
...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2015-898=1
To bring your system up-to-date, use "zypper patch".
- openSUSE Leap 42.1 (i586 x86_64):
libmbedtls9-1.3.15-6.1
libmbedtls9-debuginfo-1.3.15-6.1
mbedtls-debugsource-1.3.15-6.1
mbedtls-devel-1.3.15-6.1
- openSUSE Leap 42.1 (x86_64):
libmbedtls9-32bit-1.3.15-6.1
libmbedtls9-debuginfo-32bit-1.3.15-6.1
https://www.suse.com/security/cve/CVE-2015-5291.html
https://bugzilla.suse.com/949380
--
Get the latest Linux and open source security news straight to your inbox.