Debian Security Advisory

DLA-331-1 polarssl -- LTS security update

Date Reported:
22 Oct 2015
Affected Packages:
polarssl
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-5291.
More information:

A flaw was found in PolarSSL and mbed TLS:

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.

Although most of the vulnerable code is not present in the Squeeze version, this upload contains at least a length check for incoming data.
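The class of check whose absence causes the ClientHello overflow described above, as an added example (not code from PolarSSL, mbed TLS or the Debian patch): a writer for the SNI extension that compares the full encoded size against the space left in the message buffer before writing anything. The function name write_sni_ext and the p/end buffer convention are assumptions made for illustration; the field layout follows RFC 6066.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXT_SERVER_NAME 0x0000  /* RFC 6066 extension type */
#define NAME_TYPE_HOST  0x00    /* RFC 6066 name_type host_name */

/* Store a 16-bit value in network byte order. */
static void put_u16(uint8_t *p, size_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/*
 * Hypothetical helper: append an SNI extension at p, where end points one
 * past the last byte of the ClientHello buffer. Returns the number of bytes
 * written, or 0 if the extension does not fit (nothing is written).
 */
size_t write_sni_ext(uint8_t *p, const uint8_t *end, const char *hostname)
{
    size_t name_len = strlen(hostname);

    /* Length fields are 16 bits wide; name_len + 5 must still fit. */
    if (name_len == 0 || name_len > 0xffff - 5)
        return 0;

    /* Bounds check before any write: 4-byte extension header, 5 bytes of
     * list/entry framing, then the name. Without this comparison a long
     * hostname runs past the end of the heap buffer. */
    if (p > end || (size_t)(end - p) < name_len + 9)
        return 0;

    put_u16(p, EXT_SERVER_NAME);      /* extension_type */
    put_u16(p + 2, name_len + 5);     /* extension_data length */
    put_u16(p + 4, name_len + 3);     /* server_name_list length */
    p[6] = NAME_TYPE_HOST;            /* name_type */
    put_u16(p + 7, name_len);         /* HostName length */
    memcpy(p + 9, hostname, name_len);
    return name_len + 9;
}
```

The same pattern applies to any variable-length extension, including the session ticket extension: compute the encoded size first, compare it with the remaining space, and only then write.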