Security update for polarssl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1928-1 Final 1 1 2016-07-31T23:21:34Z current 2016-07-31T23:21:34Z 2016-07-31T23:21:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for polarssl This update for polarssl fixes the following issues: - CVE-2015-8036: A heap-based buffer overflow could have allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a long session ticket name to the session ticket extension (boo#989694) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html E-Mail link for openSUSE-SU-2016:1928-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libpolarssl7-1.3.9-17.1 libpolarssl7-debuginfo-1.3.9-17.1 polarssl-1.3.9-17.1 polarssl-devel-1.3.9-17.1 libpolarssl7-1.3.9-17.1 as a component of openSUSE 13.2 libpolarssl7-debuginfo-1.3.9-17.1 as a component of openSUSE 13.2 polarssl-1.3.9-17.1 as a component of openSUSE 13.2 polarssl-devel-1.3.9-17.1 as a component of openSUSE 13.2 Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. CVE-2015-8036 openSUSE 13.2:libpolarssl7-1.3.9-17.1 openSUSE 13.2:libpolarssl7-debuginfo-1.3.9-17.1 openSUSE 13.2:polarssl-1.3.9-17.1 openSUSE 13.2:polarssl-devel-1.3.9-17.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html https://www.suse.com/security/cve/CVE-2015-8036.html CVE-2015-8036