From f524f5fa47d9d739280d4530623a93084918da39 Mon Sep 17 00:00:00 2001 From: GLSAMaker Date: Wed, 11 Jan 2023 05:19:06 +0000 Subject: [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/730752 Bug: https://bugs.gentoo.org/740108 Bug: https://bugs.gentoo.org/764317 Bug: https://bugs.gentoo.org/778254 Bug: https://bugs.gentoo.org/801376 Bug: https://bugs.gentoo.org/829660 Bug: https://bugs.gentoo.org/857813 Signed-off-by: GLSAMaker Signed-off-by: John Helmert III --- glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 glsa-202301-08.xml diff --git a/glsa-202301-08.xml b/glsa-202301-08.xml new file mode 100644 index 00000000..0eeadca3 --- /dev/null +++ b/glsa-202301-08.xml @@ -0,0 +1,62 @@ + + + + Mbed TLS: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. + mbedtls + 2023-01-11 + 2023-01-11 + 857813 + 829660 + 801376 + 778254 + 764317 + 740108 + 730752 + remote + + + 2.28.1 + 2.28.1 + + + +

Mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required.

+ + +

Multiple vulnerabilities have been discovered in Mbed TLS. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mbed TLS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.28.1" + + + + CVE-2020-16150 + CVE-2020-36421 + CVE-2020-36422 + CVE-2020-36423 + CVE-2020-36424 + CVE-2020-36425 + CVE-2020-36426 + CVE-2020-36475 + CVE-2020-36476 + CVE-2020-36477 + CVE-2020-36478 + CVE-2021-43666 + CVE-2021-44732 + CVE-2021-45450 + CVE-2022-35409 + + ajak + ajak + \ No newline at end of file -- cgit v1.2.3-18-g5258