This update for mbedtls-2 fixes the following issues:
- Update to version 2.28.10 (2.28 LTS line), fixing:
* CVE-2025-27809: the TLS client accepted any certificate trusted by the
configured CA chain regardless of which hostname it was issued for, unless
the application had called mbedtls_ssl_set_hostname() (boo#1240051)
* CVE-2025-27810: use of uninitialized stack memory when composing the
TLS Finished message could lead to an authentication bypass such as a
replay (boo#1240052)
- Sync packaging with Factory: enable MBEDTLS_SSL_DTLS_SRTP and
MBEDTLS_SSL_PROTO_DTLS and ship the everest headers and pkg-config files
in the -devel subpackage
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-213=1
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
libmbedcrypto7-2.28.10-bp157.2.3.1
libmbedtls14-2.28.10-bp157.2.3.1
libmbedx509-1-2.28.10-bp157.2.3.1
mbedtls-2-devel-2.28.10-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):
libmbedcrypto7-64bit-2.28.10-bp157.2.3.1
libmbedtls14-64bit-2.28.10-bp157.2.3.1
libmbedx509-1-64bit-2.28.10-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (x86_64):
libmbedcrypto7-32bit-2.28.10-bp157.2.3.1
libmbedtls14-32bit-2.28.10-bp157.2.3.1
libmbedx509-1-32bit-2.28.10-bp157.2.3.1
https://www.suse.com/security/cve/CVE-2025-27809.html
https://www.suse.com/security/cve/CVE-2025-27810.html
https://bugzilla.suse.com/1240051
https://bugzilla.suse.com/1240052