Description
Security update for mbedtls
This update for mbedtls fixes the following issues:
- CVE-2022-46393: Fixed potential heap buffer overread and overwrite in DTLS (boo#1206576).
Package list
SUSE Package Hub 15 SP4
libmbedcrypto7-2.28.0-bp154.2.3.1
libmbedcrypto7-32bit-2.28.0-bp154.2.3.1
libmbedcrypto7-64bit-2.28.0-bp154.2.3.1
libmbedtls14-2.28.0-bp154.2.3.1
libmbedtls14-32bit-2.28.0-bp154.2.3.1
libmbedtls14-64bit-2.28.0-bp154.2.3.1
libmbedx509-1-2.28.0-bp154.2.3.1
libmbedx509-1-32bit-2.28.0-bp154.2.3.1
libmbedx509-1-64bit-2.28.0-bp154.2.3.1
mbedtls-devel-2.28.0-bp154.2.3.1
openSUSE Leap 15.4
libmbedcrypto7-2.28.0-bp154.2.3.1
libmbedcrypto7-32bit-2.28.0-bp154.2.3.1
libmbedcrypto7-64bit-2.28.0-bp154.2.3.1
libmbedtls14-2.28.0-bp154.2.3.1
libmbedtls14-32bit-2.28.0-bp154.2.3.1
libmbedtls14-64bit-2.28.0-bp154.2.3.1
libmbedx509-1-2.28.0-bp154.2.3.1
libmbedx509-1-32bit-2.28.0-bp154.2.3.1
libmbedx509-1-64bit-2.28.0-bp154.2.3.1
mbedtls-devel-2.28.0-bp154.2.3.1
References
- E-Mail link for openSUSE-SU-2022:10257-1
- SUSE Security Ratings
- SUSE Bug 1206576
- SUSE CVE CVE-2022-46393 page
Description
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Affected products
SUSE Package Hub 15 SP4:libmbedcrypto7-2.28.0-bp154.2.3.1
SUSE Package Hub 15 SP4:libmbedcrypto7-32bit-2.28.0-bp154.2.3.1
SUSE Package Hub 15 SP4:libmbedcrypto7-64bit-2.28.0-bp154.2.3.1
SUSE Package Hub 15 SP4:libmbedtls14-2.28.0-bp154.2.3.1
References
- CVE-2022-46393
- SUSE Bug 1206576