FS#47783 - [mbedtls] CVE-2015-7575: sloth attack
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Saturday, 16 January 2016, 14:09 GMT
Last edited by Kyle Keen (keenerd) - Monday, 25 January 2016, 15:52 GMT
Opened by Remi Gacogne (rgacogne) - Saturday, 16 January 2016, 14:09 GMT
Last edited by Kyle Keen (keenerd) - Monday, 25 January 2016, 15:52 GMT
|
Details
Hi,
mbedTLS <= 2.2.0 is vulnerable to the TLS "SLOTH" attack, CVE-2015-7575 [1]. The new released version, 2.2.1, fixes this vulnerability [2] and some bugs, so it would be nice if we could upgrade. [1]: http://www.mitls.org/pages/attacks/SLOTH [2]: https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released |
This task depends upon
Closed by Kyle Keen (keenerd)
Monday, 25 January 2016, 15:52 GMT
Reason for closing: Fixed
Additional comments about closing: mbedtls 2.2.1
Monday, 25 January 2016, 15:52 GMT
Reason for closing: Fixed
Additional comments about closing: mbedtls 2.2.1