Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0469
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0469)
Zusammenfassung:	The remote host is missing an update for the 'mbedtls' package(s) announced via the MGASA-2020-0469 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mbedtls' package(s) announced via the MGASA-2020-0469 advisory. Vulnerability Insight: This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtls_mpi_exp_mod to MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtls_mpi_fill_random(), which is how most uses of randomization in asymmetric cryptography are implemented. This could cause failures or the silent use of non-random values. Fix a compliance issue whereby the library did not check the tag on the algorithm parameters (only the size) when comparing the signature in the description part of the cert to the real signature. Zeroising of local buffers and variables which are used for calculations in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(), mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process() functions to erase sensitive data from memory. Affected Software/OS: 'mbedtls' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.