Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0469
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0469)
Summary:	The remote host is missing an update for the 'mbedtls' package(s) announced via the MGASA-2020-0469 advisory.
Description:	Summary: The remote host is missing an update for the 'mbedtls' package(s) announced via the MGASA-2020-0469 advisory. Vulnerability Insight: This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtls_mpi_exp_mod to MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtls_mpi_fill_random(), which is how most uses of randomization in asymmetric cryptography are implemented. This could cause failures or the silent use of non-random values. Fix a compliance issue whereby the library did not check the tag on the algorithm parameters (only the size) when comparing the signature in the description part of the cert to the real signature. Zeroising of local buffers and variables which are used for calculations in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(), mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process() functions to erase sensitive data from memory. Affected Software/OS: 'mbedtls' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.