Lucene search

DebianDEBIAN:DLA-2826-1:14CB9

HistoryNov 23, 2021 - 1:36 p.m.

[SECURITY] [DLA 2826-1] mbedtls security update

2021-11-2313:36:24

lists.debian.org

mbed tls

debian 9

security update

vulnerabilities

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

Low

EPSS

0.008

Percentile

81.5%

JSON

Debian LTS Advisory DLA-2826-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
November 23, 2021 https://wiki.debian.org/LTS

Package : mbedtls
Version : 2.4.2-1+deb9u4
CVE ID : CVE-2018-9988 CVE-2018-9989 CVE-2020-36475 CVE-2020-36476
CVE-2020-36478 CVE-2021-24119

Several vulnerabilities were discovered in mbed TLS, a lightweight crypto
and SSL/TLS library, which could result in denial of service, information
disclosure or side-channel attacks.

For Debian 9 stretch, these problems have been fixed in version
2.4.2-1+deb9u4.

We recommend that you upgrade your mbedtls packages.

For the detailed security status of mbedtls please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mbedtls

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armellibmbedcrypto0< 2.4.2-1+deb9u4libmbedcrypto0_2.4.2-1+deb9u4_armel.deb
Debian9alllibmbedtls-doc< 2.4.2-1+deb9u4libmbedtls-doc_2.4.2-1+deb9u4_all.deb
Debian9armellibmbedtls10< 2.4.2-1+deb9u4libmbedtls10_2.4.2-1+deb9u4_armel.deb
Debian9armhflibmbedtls10< 2.4.2-1+deb9u4libmbedtls10_2.4.2-1+deb9u4_armhf.deb
Debian10armhflibmbedcrypto3< 2.16.9-0~deb10u1libmbedcrypto3_2.16.9-0~deb10u1_armhf.deb
Debian9armellibmbedx509-0< 2.4.2-1+deb9u4libmbedx509-0_2.4.2-1+deb9u4_armel.deb
Debian10armhflibmbedx509-0-dbgsym< 2.16.9-0~deb10u1libmbedx509-0-dbgsym_2.16.9-0~deb10u1_armhf.deb
Debian10arm64libmbedx509-0< 2.16.9-0~deb10u1libmbedx509-0_2.16.9-0~deb10u1_arm64.deb
Debian10armhflibmbedx509-0< 2.16.9-0~deb10u1libmbedx509-0_2.16.9-0~deb10u1_armhf.deb
Debian10allmbedtls< 2.16.9-0~deb10u1mbedtls_2.16.9-0~deb10u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libmbedcrypto0	< 2.4.2-1+deb9u4	libmbedcrypto0_2.4.2-1+deb9u4_armel.deb
Debian	9	all	libmbedtls-doc	< 2.4.2-1+deb9u4	libmbedtls-doc_2.4.2-1+deb9u4_all.deb
Debian	9	armel	libmbedtls10	< 2.4.2-1+deb9u4	libmbedtls10_2.4.2-1+deb9u4_armel.deb
Debian	9	armhf	libmbedtls10	< 2.4.2-1+deb9u4	libmbedtls10_2.4.2-1+deb9u4_armhf.deb
Debian	10	armhf	libmbedcrypto3	< 2.16.9-0~deb10u1	libmbedcrypto3_2.16.9-0~deb10u1_armhf.deb
Debian	9	armel	libmbedx509-0	< 2.4.2-1+deb9u4	libmbedx509-0_2.4.2-1+deb9u4_armel.deb
Debian	10	armhf	libmbedx509-0-dbgsym	< 2.16.9-0~deb10u1	libmbedx509-0-dbgsym_2.16.9-0~deb10u1_armhf.deb
Debian	10	arm64	libmbedx509-0	< 2.16.9-0~deb10u1	libmbedx509-0_2.16.9-0~deb10u1_arm64.deb
Debian	10	armhf	libmbedx509-0	< 2.16.9-0~deb10u1	libmbedx509-0_2.16.9-0~deb10u1_armhf.deb
Debian	10	all	mbedtls	< 2.16.9-0~deb10u1	mbedtls_2.16.9-0~deb10u1_all.deb