-------------------------------------------------------------------------
Debian LTS Advisory DLA-3249-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
December 26, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mbedtls
Version        : 2.16.9-0~deb10u1
CVE ID         : CVE-2019-16910 CVE-2019-18222 CVE-2020-10932 CVE-2020-10941
                 CVE-2020-16150 CVE-2020-36421 CVE-2020-36422 CVE-2020-36423
                 CVE-2020-36424 CVE-2020-36425 CVE-2020-36426 CVE-2020-36475
                 CVE-2020-36476 CVE-2020-36478 CVE-2021-24119 CVE-2021-43666
                 CVE-2021-44732 CVE-2022-35409
Debian Bug     : 941265 963159 972806 1002631

Multiple security vulnerabilities have been discovered in mbedtls, a
lightweight crypto and SSL/TLS library, which may allow attackers to obtain
sensitive information like the RSA private key or cause a denial of service
(application or server crash).

For Debian 10 buster, these problems have been fixed in version
2.16.9-0~deb10u1.

We recommend that you upgrade your mbedtls packages.

For the detailed security status of mbedtls please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mbedtls

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS