[GLSA-201801-15] PolarSSL: Multiple vulnerabilities
Severity
Normal
Affected Packages
1
CVEs
2
Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code.
Background
PolarSSL is a cryptographic library for embedded systems.
Description
Multiple vulnerabilities have been discovered in PolarSSL. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker might be able to execute arbitrary code, cause Denial
of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for PolarSSL and recommends that users
unmerge the package:
# emerge --unmerge "net-libs/polarssl"
Package | Affected Version |
---|---|
pkg:ebuild/net-libs/polarssl?distro=gentoo | < 1.3.9-r1 |
- ID
- GLSA-201801-15
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201801-15
- Published
-
2018-01-15T00:00:00
(6 years ago) - Modified
-
2018-01-15T00:00:00
(6 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
- ALAS-2016-643
- ALAS-2016-645
- ALAS-2016-647
- ALAS-2016-651
- ALAS-2016-661
- DSA-3136-1
- DSA-3436-1
- DSA-3437-1
- DSA-3457-1
- DSA-3458-1
- DSA-3465-1
- DSA-3491-1
- DSA-3688-1
- ELSA-2016-0007
- ELSA-2016-0008
- ELSA-2016-0012
- ELSA-2016-0049
- ELSA-2016-0050
- ELSA-2016-0053
- ELSA-2016-0054
- FEDORA-2015-0991
- FEDORA-2015-1045
- FREEBSD:10F7BC76-0335-4A88-B391-0B05B3A8CE1C
- FREEBSD:A5856EBA-A015-11E4-A680-1C6F65C3C4FF
- GLSA-201605-06
- GLSA-201701-46
- GLSA-201706-18
- RHSA-2016:0007
- RHSA-2016:0008
- RHSA-2016:0012
- RHSA-2016:0049
- RHSA-2016:0050
- RHSA-2016:0053
- RHSA-2016:0054
- RHSA-2016:0098
- RHSA-2016:0099
- RHSA-2016:0101
- SUSE-SU-2016:0149-1
- SUSE-SU-2016:0189-1
- SUSE-SU-2016:0256-1
- SUSE-SU-2016:0265-1
- SUSE-SU-2016:0269-1
- SUSE-SU-2016:0390-1
- SUSE-SU-2016:0399-1
- SUSE-SU-2016:0401-1
- SUSE-SU-2016:0428-1
- SUSE-SU-2016:0431-1
- SUSE-SU-2016:0433-1
- SUSE-SU-2016:0584-1
- SUSE-SU-2016:0636-1
- SUSE-SU-2016:0770-1
- USN-2863-1
- USN-2864-1
- USN-2865-1
- USN-2866-1
- USN-2884-1
- USN-2904-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2015-1182 | CVE-2015-1182 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1182 |
CVE | CVE-2015-7575 | CVE-2015-7575 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575 |
Bugzilla | 537108 | Bugzilla #537108 | https://bugs.gentoo.org/show_bug.cgi?id=537108 |
Bugzilla | 620504 | Bugzilla #620504 | https://bugs.gentoo.org/show_bug.cgi?id=620504 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/net-libs/polarssl?distro=gentoo | net-libs | polarssl | < 1.3.9-r1 | gentoo |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |