PolarSSL: Multiple vulnerabilities — GLSA 201310-10

Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition.

Affected packages

Background

PolarSSL is a cryptographic library for embedded systems.

Description

Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
 

References

• CVE-2011-1923
• CVE-2012-2130
• CVE-2013-0169
• CVE-2013-1621
• CVE-2013-4623
• CVE-2013-5915

Release date
October 17, 2013

Latest revision
October 17, 2013: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 358783
• 416399
• 455562
• 464206
• 480882
• 487170