Mageia alert MGASA-2018-0253 (mbedtls)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2018-0253: Updated mbedtls packages fix security issues
Date: Thu, 24 May 2018 18:31:21 +0200
Message-ID: <20180524163121.339C09FF69@duvel.mageia.org>

MGASA-2018-0253 - Updated mbedtls packages fix security issues

Publication date: 24 May 2018
URL: https://advisories.mageia.org/MGASA-2018-0253.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-9988, CVE-2018-9989

Description:

CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

References:
- https://bugs.mageia.org/show_bug.cgi?id=22914
- https://lists.opensuse.org/opensuse-updates/2018-04/msg00...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989

SRPMS:
- 6/core/bctoolbox-0.2.0-4.2.mga6
- 6/core/hiawatha-10.4-1.2.mga6
- 6/core/mbedtls-2.7.3-1.mga6
- 6/core/shadowsocks-libev-3.1.0-1.2.mga6
- 6/tainted/dolphin-emu-5.0-5.2.mga6.tainted