1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-201801-15

[GLSA-201801-15] PolarSSL: Multiple vulnerabilities

Severity Normal
Affected Packages 1
CVEs 2
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code.

Background
PolarSSL is a cryptographic library for embedded systems.

Description
Multiple vulnerabilities have been discovered in PolarSSL. Please review
the CVE identifiers referenced below for details.

Impact
A remote attacker might be able to execute arbitrary code, cause Denial
of Service condition or obtain sensitive information.

Workaround
There is no known workaround at this time.

Resolution
Gentoo has discontinued support for PolarSSL and recommends that users
unmerge the package:

# emerge --unmerge "net-libs/polarssl"

Package Affected Version
pkg:ebuild/net-libs/polarssl?distro=gentoo < 1.3.9-r1
ID
GLSA-201801-15
Severity
normal
URL
https://security.gentoo.org/glsa/201801-15
Published
2018-01-15T00:00:00
(6 years ago)
Modified
2018-01-15T00:00:00
(6 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2015-1182 CVE-2015-1182 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1182
CVE CVE-2015-7575 CVE-2015-7575 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575
Bugzilla 537108 Bugzilla #537108 https://bugs.gentoo.org/show_bug.cgi?id=537108
Bugzilla 620504 Bugzilla #620504 https://bugs.gentoo.org/show_bug.cgi?id=620504
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/net-libs/polarssl?distro=gentoo net-libs polarssl < 1.3.9-r1 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date