Forum: >>> Magnum BBS <<<

[gentoo-announce] [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities

From [email protected]@21:1/5 to All on Wed Jan 11 06:40:02 2023

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202301-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mbed TLS: Multiple Vulnerabilities
Date: January 11, 2023
Bugs: #857813, #829660, #801376, #778254, #764317, #740108, #730752
ID: 202301-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mbed TLS, the worst of
which could result in arbitrary code execution.

Background
==========

Mbed TLS (previously PolarSSL) is an “easy to understand, use, integrate
and expand” implementation of the TLS and SSL protocols and the
respective cryptographic algorithms and support code required.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/mbedtls < 2.28.1 >= 2.28.1

Description
===========

Multiple vulnerabilities have been discovered in Mbed TLS. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mbed TLS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.28.1"

References
==========

[ 1 ] CVE-2020-16150
https://nvd.nist.gov/vuln/detail/CVE-2020-16150
[ 2 ] CVE-2020-36421
https://nvd.nist.gov/vuln/detail/CVE-2020-36421
[ 3 ] CVE-2020-36422
https://nvd.nist.gov/vuln/detail/CVE-2020-36422
[ 4 ] CVE-2020-36423
https://nvd.nist.gov/vuln/detail/CVE-2020-36423
[ 5 ] CVE-2020-36424
https://nvd.nist.gov/vuln/detail/CVE-2020-36424
[ 6 ] CVE-2020-36425
https://nvd.nist.gov/vuln/detail/CVE-2020-36425
[ 7 ] CVE-2020-36426
https://nvd.nist.gov/vuln/detail/CVE-2020-36426
[ 8 ] CVE-2020-36475
https://nvd.nist.gov/vuln/detail/CVE-2020-36475
[ 9 ] CVE-2020-36476
https://nvd.nist.gov/vuln/detail/CVE-2020-36476
[ 10 ] CVE-2020-36477
https://nvd.nist.gov/vuln/detail/CVE-2020-36477
[ 11 ] CVE-2020-36478
https://nvd.nist.gov/vuln/detail/CVE-2020-36478
[ 12 ] CVE-2021-43666
https://nvd.nist.gov/vuln/detail/CVE-2021-43666
[ 13 ] CVE-2021-44732
https://nvd.nist.gov/vuln/detail/CVE-2021-44732
[ 14 ] CVE-2021-45450
https://nvd.nist.gov/vuln/detail/CVE-2021-45450
[ 15 ] CVE-2022-35409
https://nvd.nist.gov/vuln/detail/CVE-2022-35409

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202301-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmO+Rs4ACgkQFMQkOaVy +9km5w/+JuKgsFcCsNHooa5YEbGUX8YJ5APwECNrSZ8QLtMKlSthCFUkAnNS3t8u SFEjH3i8vNBXlNDRfw4vs4x1Qbups4D++2h4wUHtkXJbeh1XHI5qGzi1iDtCVVru JJ8a/BYMSd0RdNMS98XWOjSMlSkfOsLSUlUm06r3cvfMX+KvS7NZLfI4jov/Tz2R H5o9MYtxwM87Mp5z1mjoRRiX1YOErcysq3Z6lwjxEhNK1x3EokNzvrJDRBiN6K/W Vn4kH95iMahF/r3QlO2M3bgl0kcIgCNC71CPM2xYx8N/ukyI094J9qjBSl1q60lR zXDpuMpCwAwHUm1bXMwxSRgXSUzx0QogEhRZhgdz16EHyPqDpu4SMFHahvA+omYL LBN/hiwxWXEQb2XrBgheueS8eThn4Amvf1CoCfzHfJar8PEMH7dl16dlMiC+yG91 81AY9+rPjIIZszmIA69SAqHGnfmwmIYga5z8D+Js+QATYaqHWDTw3iD8h8MnkUV2 KwyjfG8j9mFpli2KKoXCsCtH4Q1+nrE4cXhD2Gq5rCsZmbZ2ZtDptEuVjOIco87L BxggAXm4T3UsDZfWKjUWq2SdoPTjsi3mDSUqx/aEIsJ3dO8V/0BkNrf7jIlBU2YR +ys+Ob7adll4nxBv2S5KPXCCB0O4iuzkO2oJent2EKh9OcFOjcM=
=ETkF
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Krenn
  Tue Jun 9 11:18:15 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Tue Jun 9 10:31:07 2026
  from Wales, Uk via Telnet
- Centurion
  Mon Jun 8 23:30:43 2026
  from Berea, Ohio via Telnet
- Centurion
  Mon Jun 8 21:33:11 2026
  from Berea, Ohio via Telnet
- Bob Worm
  Mon Jun 8 20:15:00 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 16:33:22 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 14:11:46 2026
  from Wales, Uk via Telnet
- Krenn
  Mon Jun 8 11:22:02 2026
  from Sydney, Nsw via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	45:19:59
Calls:	12,111
Calls today:	2
Files:	15,010
Messages:	6,518,468

[gentoo-announce] [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities

Who's Online

Recent Visitors

System Info