Source: mbedtls
Version: 2.1.2-1
Severity: grave
Tags: security

Hi,

The following security advisory was published for mbedtls:

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

[Vulnerability]

If a malicious peer supplies an X.509 certificate chain that has more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (which by default is 8), it could bypass authentication of the certificates, when the authentication mode was set to 'optional' e.g. MBEDTLS_SSL_VERIFY_OPTIONAL. The issue could be triggered remotely by both the client and server sides.

If the authentication mode, which can be set by the function mbedtls_ssl_conf_authmode(), was set to 'required' e.g. MBEDTLS_SSL_VERIFY_REQUIRED which is the default, authentication would occur normally as intended.

[Impact]

Depending on the platform, an attack exploiting this vulnerability could allow successful impersonation of the intended peer and permit man-in-the-middle attacks.

The advisory states that only mbedtls >= 1.3.10 is affected, which means that jessie's version of polarssl is not affected.

I think this is the commit which fixes this, but I have not checked yet:

https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32

James
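As an added illustration (constructed model, not mbedtls source or the fix commit's code), the following shows why a verifier that hits a depth cap and simply stops must still leave an explicit failure flag behind: under 'optional' authentication a caller who checks the verify result would otherwise read "gave up" as "verified". The chain layout, flag value and the `fixed` switch are assumptions made for the model.

```python
# Constructed model of the advisory's failure mode; not mbedtls source.
MAX_INTERMEDIATE_CA = 8            # default MBEDTLS_X509_MAX_INTERMEDIATE_CA
OPTIONAL, REQUIRED = "optional", "required"
NOT_TRUSTED = 0x08                 # constructed verify-result flag
ABORTED = None                     # verifier stopped without setting any flag

def verify_chain(chain, trusted, fixed):
    """chain: [(subject, issuer), ...], leaf first. Returns flags (0 = ok)."""
    by_subject = {s: i for s, i in chain}
    issuer = chain[0][1]
    depth = 0
    while issuer not in trusted:
        if issuer not in by_subject:
            return NOT_TRUSTED           # chain ends at a CA we do not trust
        depth += 1
        if depth > MAX_INTERMEDIATE_CA:
            # Too deep to finish walking. A fixed verifier records this as a
            # failure; the flawed one just stops and reports nothing.
            return NOT_TRUSTED if fixed else ABORTED
        issuer = by_subject[issuer]
    return 0

def handshake(chain, trusted, authmode, fixed):
    """Returns (handshake_completed, verify_result)."""
    flags = verify_chain(chain, trusted, fixed)
    if flags == ABORTED:
        # REQUIRED fails closed either way; OPTIONAL in the flawed build
        # carries on with an empty verify result that looks like success.
        return (False, NOT_TRUSTED) if authmode == REQUIRED else (True, 0)
    if flags and authmode == REQUIRED:
        return False, flags
    return True, flags

def peer_authenticated(result):
    """What an application in OPTIONAL mode must check after the handshake."""
    completed, flags = result
    return completed and flags == 0

def untrusted_chain(n_intermediates):
    """Constructed chain: leaf, n self-made intermediates, no trusted root."""
    names = ["leaf"] + [f"ca{i}" for i in range(n_intermediates)] + ["rogue"]
    return [(names[i], names[i + 1]) for i in range(len(names) - 1)]
```

With eight intermediates both builds flag the chain; with nine the flawed build in OPTIONAL mode returns an empty verify result, which is the bypass the advisory describes.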