AVG-198 log

Package mbedtls
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 2.4.0-1
Fixed 2.4.2-1
Current 3.6.1-1 [extra]
Ticket None
Created Sat Mar 11 20:22:39 2017
Issue Severity Remote Type Description
CVE-2017-2784 Critical Yes Arbitrary code execution
A security issue has been found in mbed TLS < 2.4.2. If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an...
Date Advisory Package Type
20 Mar 2017 ASA-201703-16 mbedtls arbitrary code execution
References
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01