Bug 1188494 (CVE-2020-36426) - VUL-0: CVE-2020-36426: mbedtls: mbedtls_x509_crl_parse_der has a buffer over-read (of one byte)
Summary: VUL-0: CVE-2020-36426: mbedtls: mbedtls_x509_crl_parse_der has a buffer over-...
Status: RESOLVED FIXED
Alias: CVE-2020-36426
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: Leap 15.2
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/304564/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-20 06:03 UTC by Alexander Bergmann
Modified: 2021-08-06 10:52 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Pedro Monreal Gonzalez 2021-08-05 10:11:55 UTC 
Resolution:
Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using.

We have fixed versions in:
 * Version 2.16.9 in openSUSE:Leap:15.2:Update
 * Version 2.8.0 in openSUSE:Leap:15.1:Update
Comment 3 Marcus Meissner 2021-08-06 10:52:41 UTC 
done