GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jan 15, 2018 5:26 am Post subject: [ GLSA 201801-15 ] PolarSSL |
|
|
Gentoo Linux Security Advisory
Title: PolarSSL: Multiple vulnerabilities (GLSA 201801-15)
Severity: normal
Exploitable: remote
Date: 2018-01-15
Bug(s): #537108, #620504
ID: 201801-15
Synopsis
Multiple vulnerabilities have been found in PolarSSL, the worst of
which may allow remote attackers to execute arbitrary code.
Background
PolarSSL is a cryptographic library for embedded systems.
Affected Packages
Package: net-libs/polarssl
Vulnerable: < 1.3.9-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PolarSSL. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker might be able to execute arbitrary code, cause Denial
of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for PolarSSL and recommends that users
unmerge the package:
Code: | # emerge --unmerge "net-libs/polarssl"
|
References
CVE-2015-1182
CVE-2015-7575
|
|