GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Oct 17, 2013 9:26 am Post subject: [ GLSA 201310-10 ] PolarSSL: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: PolarSSL: Multiple vulnerabilities (GLSA 201310-10)
Severity: normal
Exploitable: remote
Date: October 17, 2013
Bug(s): #358783, #416399, #455562, #464206, #480882, #487170
ID: 201310-10
Synopsis
Multiple vulnerabilities have been found in PolarSSL, the worst of
which might allow a remote attacker to cause a Denial of Service condition.
Background
PolarSSL is a cryptographic library for embedded systems.
Affected Packages
Package: net-libs/polarssl
Vulnerable: < 1.3.0
Unaffected: >= 1.3.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PolarSSL. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker might be able to cause Denial of Service, conduct a
man-in-the middle attack, compromise an encrypted communication channel,
or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PolarSSL users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
|
References
CVE-2011-1923
CVE-2012-2130
CVE-2013-0169
CVE-2013-1621
CVE-2013-4623
CVE-2013-5915
Last edited by GLSA on Thu Jan 08, 2015 4:31 am; edited 2 times in total |
|
News & Announcements
