{"id":"MGASA-2018-0163","summary":"Updated mbedtls and related packages fix security vulnerabilities","details":"The mbedtls package has been updated to fix several security issues.\n\nFixed a heap corruption issue in the implementation of the truncated HMAC\nextension. When the truncated HMAC extension is enabled and CBC is used,\nsending a malicious application packet could be used to selectively corrupt\n6 bytes on the peer's heap, which could potentially lead to crash or remote\ncode execution. The issue could be triggered remotely from either side in\nboth TLS and DTLS. (CVE-2018-0488) \n\nFixed a buffer overflow in RSA-PSS verification when the hash was too large\nfor the key size, which could potentially lead to crash or remote code\nexecution. (CVE-2018-0487)\n","modified":"2026-04-16T06:26:10.410349811Z","published":"2018-03-10T20:47:30Z","upstream":["CVE-2018-0487","CVE-2018-0488"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0163.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22653"},{"type":"ADVISORY","url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01"},{"type":"WEB","url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.7.0-2.1.10-and-1.3.22-released"}],"affected":[{"package":{"name":"mbedtls","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mbedtls?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0163.json"}},{"package":{"name":"shadowsocks-libev","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/shadowsocks-libev?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0163.json"}},{"package":{"name":"bctoolbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/bctoolbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.0-4.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0163.json"}},{"package":{"name":"hiawatha","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/hiawatha?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.4-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0163.json"}},{"package":{"name":"dolphin-emu","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/dolphin-emu?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0-5.1.mga6"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0163.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}