diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-01-11 11:44:03 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-01-11 11:44:03 +0000 |
| commit | df26c7469c1f2af2e643d43e2e32a6c9142e4885 (patch) | |
| tree | 1beee9b11d06bfcc69d1d6c8ab00566f8633aec1 /metadata/glsa/glsa-202301-08.xml | |
| parent | ad391b961414c99124b93cb86695c04bd8d57937 (diff) | |
gentoo auto-resync : 11:01:2023 - 11:44:03
Diffstat (limited to 'metadata/glsa/glsa-202301-08.xml')
| -rw-r--r-- | metadata/glsa/glsa-202301-08.xml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202301-08.xml b/metadata/glsa/glsa-202301-08.xml new file mode 100644 index 000000000000..0eeadca35f79 --- /dev/null +++ b/metadata/glsa/glsa-202301-08.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202301-08"> + <title>Mbed TLS: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.</synopsis> + <product type="ebuild">mbedtls</product> + <announced>2023-01-11</announced> + <revised count="1">2023-01-11</revised> + <bug>857813</bug> + <bug>829660</bug> + <bug>801376</bug> + <bug>778254</bug> + <bug>764317</bug> + <bug>740108</bug> + <bug>730752</bug> + <access>remote</access> + <affected> + <package name="net-libs/mbedtls" auto="yes" arch="*"> + <unaffected range="ge">2.28.1</unaffected> + <vulnerable range="lt">2.28.1</vulnerable> + </package> + </affected> + <background> + <p>Mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate and expand” implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mbed TLS. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mbed TLS users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.28.1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16150">CVE-2020-16150</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36421">CVE-2020-36421</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36422">CVE-2020-36422</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36423">CVE-2020-36423</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36424">CVE-2020-36424</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36425">CVE-2020-36425</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36426">CVE-2020-36426</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36475">CVE-2020-36475</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36476">CVE-2020-36476</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36477">CVE-2020-36477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36478">CVE-2020-36478</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43666">CVE-2021-43666</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44732">CVE-2021-44732</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45450">CVE-2021-45450</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35409">CVE-2022-35409</uri> + </references> + <metadata tag="requester" timestamp="2023-01-11T05:19:06.415631Z">ajak</metadata> + <metadata tag="submitter" timestamp="2023-01-11T05:19:06.418706Z">ajak</metadata> +</glsa>
\ No newline at end of file |