{"id":"MGASA-2018-0253","summary":"Updated mbedtls packages fix security issues","details":"CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before\n2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that\ncould cause a crash on invalid input.\nCVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before\n2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could\ncause a crash on invalid input.\n","modified":"2026-02-04T04:12:49.741198Z","published":"2018-05-24T16:30:31Z","related":["CVE-2018-9988","CVE-2018-9989"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0253.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22914"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-04/msg00051.html"}],"affected":[{"package":{"name":"bctoolbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/bctoolbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.0-4.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0253.json"}},{"package":{"name":"hiawatha","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/hiawatha?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.4-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0253.json"}},{"package":{"name":"mbedtls","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mbedtls?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0253.json"}},{"package":{"name":"shadowsocks-libev","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/shadowsocks-libev?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0253.json"}},{"package":{"name":"dolphin-emu","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/dolphin-emu?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0-5.2.mga6.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0253.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}