FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| d8382a69-4728-11e8-ba83-0011d823eebd | mbed TLS (PolarSSL) -- multiple vulnerabilities
Simon Butcher reports:
- Defend against Bellcore glitch attacks by verifying the results
of RSA private key operations.
- Fix implementation of the truncated HMAC extension. The
previous implementation allowed an offline 2^80 brute force
attack on the HMAC key of a single, uninterrupted connection
(with no resumption of the session).
- Reject CRLs containing unsupported critical extensions. Found
by Falko Strenzke and Evangelos Karatsiolis.
- Fix a buffer overread in ssl_parse_server_key_exchange() that
could cause a crash on invalid input.
- Fix a buffer overread in ssl_parse_server_psk_hint() that could
cause a crash on invalid input.
Discovery 2018-03-21
Entry 2018-04-23
mbedtls
< 2.7.2
polarssl13
>= *
https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
|