Bugzilla – Bug 913903
VUL-0: CVE-2015-1182 polarssl: remote attack using crafted certificates
Last modified: 2015-03-27 14:44:59 UTC
rh#1184028 The following flaw was found in PolarSSL: During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of(). In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free(). This sequence can be triggered when a PolarSSL entity is parsing a certificate. So practically this means clients when receiving a certificate from the server or servers in case they are actively asking for a client certificate. Depending on the attackers knowledge of the system under attack, this results at the lowest into a Denial of Service, and at the most a possible Remote Code Execution. The patch for this issue is provided in the PolarSSL Security Advisory 2014-04 referenced below. References: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 https://bugzilla.redhat.com/show_bug.cgi?id=1184028 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1182
This is an autogenerated message for OBS integration: This bug (913903) was mentioned in https://build.opensuse.org/request/show/282143 Factory / polarssl https://build.opensuse.org/request/show/282145 13.2 / polarssl
openSUSE-SU-2015:0186-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 913903 CVE References: CVE-2015-1182 Sources used: openSUSE 13.2 (src): polarssl-1.3.9-8.1
resolved apparently