SUSE Package Hub - openSUSE-2018-382

Update Info

openSUSE-2018-382

Security update for mbedtls

Type: security

Severity: moderate

Issued: 2018-04-20

Description:

This update for mbedtls fixes the following issues:

Security issues fixed:

- CVE-2018-9988: Fixed buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input (boo#1089022).
- CVE-2018-9989: Fixed buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input (boo#1089021).

References

Packages

mbedtls-1.3.19-14.1