Project

General

Profile

Bug #9239

[3.8] mbedtls: Multiple vulnerabilities (CVE-2018-0497, CVE-2018-0498)

Added by Alicha CH 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
08/13/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through
a timing side-channel.

Affected Versions:

All versions of Mbed TLS from version 1.2 upwards, including all 2.1, 2.7 and later releases.

Fixed In Version:

Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later.

References:

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

CVE-2018-0498: When using a CBC based ciphersuite, an attacker with the ability to execute arbitrary code on
the machine under attack can partially recover the plaintext by use of cache based side-channels.

Affected Versions:

All versions of Mbed TLS from version 1.2 upwards, including all 2.1, 2.7 and later releases.

Fixed In Version:

Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later.

References:

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

Associated revisions

Revision 1c0e971a (diff)
Added by Natanael Copa 5 months ago

community/mbedtls: security upgrade to 2.7.5 (CVE-2018-0497,CVE-2018-0498)

fixes #9239

History

#1 Updated by Natanael Copa 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 5 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-0497, CVE-2018-0498)

Also available in: Atom PDF