Title
MGASA-2018-0163 -- обновление безопасности для mbedtls, shadowsocks-libev, bctoolbox, hiawatha, dolphin-emu
Description
The mbedtls package has been updated to fix several security issues.
Fixed a heap corruption issue in the implementation of the truncated HMAC
extension. When the truncated HMAC extension is enabled and CBC is used,
sending a malicious application packet could be used to selectively corrupt
6 bytes on the peer's heap, which could potentially lead to crash or remote
code execution. The issue could be triggered remotely from either side in
both TLS and DTLS. (CVE-2018-0488)
Fixed a buffer overflow in RSA-PSS verification when the hash was too large
for the key size, which could potentially lead to crash or remote code
execution. (CVE-2018-0487)