Date: Sun, 12 Mar 2017 21:49:19 +0000 (UTC)
From: Tijl Coosemans <tijl@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r436030 - head/security/vuxml
Message-ID: <201703122149.v2CLnJP7073722@repo.freebsd.org>
Author: tijl Date: Sun Mar 12 21:49:19 2017 New Revision: 436030 URL: https://svnweb.freebsd.org/changeset/ports/436030 Log: Document mbed TLS Security Advisory 2017-01 Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Mar 12 21:35:52 2017 (r436029) +++ head/security/vuxml/vuln.xml Sun Mar 12 21:49:19 2017 (r436030) 
@@ -58,6 +58,64 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f41e3e54-076b-11e7-a9f2-0011d823eebd"> + <topic>mbed TLS (PolarSSL) -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mbedtls</name> + <range><lt>2.4.2</lt></range> + </package> + <package> + <name>polarssl13</name> + <range><lt>1.3.19</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Janos Follath reports:</p> + <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"> + <ul> + <li>If a malicious peer supplies a certificate with a specially + crafted secp224k1 public key, then an attacker can cause the + server or client to attempt to free block of memory held on + stack. Depending on the platform, this could result in a Denial + of Service (client crash) or potentially could be exploited to + allow remote code execution with the same privileges as the host + application.</li> + <li>If the client and the server both support MD5 and the client + can be tricked to authenticate to a malicious server, then the + malicious server can impersonate the client. To launch this man + in the middle attack, the adversary has to compute a + chosen-prefix MD5 collision in real time. This is very expensive + computationally, but can be practical. Depending on the + platform, this could result in a Denial of Service (client crash) + or potentially could be exploited to allow remote code execution + with the same privileges as the host application.</li> + <li>A bug in the logic of the parsing of a PEM encoded Certificate + Revocation List in mbedtls_x509_crl_parse() can result in an + infinite loop. In versions before 1.3.10 the same bug results in + an infinite recursion stack overflow that usually crashes the + application. 
Methods and means of acquiring the CRLs is not part + of the TLS handshake and in the strict TLS setting this + vulnerability cannot be triggered remotely. The vulnerability + cannot be triggered unless the application explicitely calls + mbedtls_x509_crl_parse() or mbedtls_x509_crl_parse_file()on a PEM + formatted CRL of untrusted origin. In which case the + vulnerability can be exploited to launch a denial of service + attack against the application.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01</url> + </references> + <dates> + <discovery>2017-03-11</discovery> + <entry>2017-03-12</entry> + </dates> + </vuln> + <vuln vid="a505d397-0758-11e7-8d8b-e8e0b747a45a"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
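Review bot: In the second <li> of the blockquote (the MD5 item), the closing sentence "Depending on the platform, this could result in a Denial of Service (client crash) or potentially could be exploited to allow remote code execution with the same privileges as the host application." is word for word the impact sentence of the first item and does not follow from the client impersonation that the item describes. Please check it against the cited advisory and drop it if it is a copy-and-paste carry-over. Two smaller points: in the third item, "explicitely" and the missing space in "mbedtls_x509_crl_parse_file()on" should either be confirmed as verbatim from the quoted source or corrected, and <references> carries only the advisory URL, so add <cvename> entries if CVE identifiers have been assigned to these issues.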