PolarSSL: Multiple vulnerabilities — GLSA 201310-10

Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition.

Affected Packages

net-libs/polarssl on all architectures
Affected versions < 1.3.0
Unaffected versions >= 1.3.0

Background

PolarSSL is a cryptographic library for embedded systems.

Description

Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PolarSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
 

References

Release Date
October 17, 2013

Latest Revision
October 17, 2013: 1

Severity
normal

Exploitable
remote

Bugzilla entries