Your message dated Fri, 15 May 2026 17:48:50 +0000
with message-id <[email protected]>
and subject line Bug#1132577: fixed in mbedtls 3.6.6-0.1
has caused the Debian Bug report #1132577,
regarding mbedtls: CVE-2026-34871 CVE-2026-34872 CVE-2026-34873 CVE-2026-34874 CVE-2026-34875 CVE-2026-34876 CVE-2026-34877
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mbedtls
Version: 3.6.5-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for mbedtls.
CVE-2026-34871[0]:
| An issue was discovered in Mbed TLS before 3.6.6 and 4.x before
| 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in
| a Pseudo-Random Number Generator (PRNG).
CVE-2026-34872[1]:
| An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5
| and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in
| FFDH due to improper input validation. Using finite-field Diffie-
| Hellman, the other party can force the shared secret into a small
| set of values (lack of contributory behavior). This is a problem for
| protocols that depend on contributory behavior (which is not the
| case for TLS). The attack can be carried by the peer, or depending
| on the protocol by an active network attacker (person in the
| middle).
CVE-2026-34873[2]:
| An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client
| impersonation can occur while resuming a TLS 1.3 session.
CVE-2026-34874[3]:
| An issue was discovered in Mbed TLS through 3.6.5 and 4.x through
| 4.0.0. There is a NULL pointer dereference in distinguished name
| parsing that allows an attacker to write to address 0.
CVE-2026-34875[4]:
| An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto
| 1.0.0. A buffer overflow can occur in public key export for FFDH
| keys.
CVE-2026-34876[5]:
| An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-
| bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c
| allows attackers to obtain adjacent CCM context data via invocation
| of the multipart CCM API with an oversized tag_len parameter. This
| is caused by missing validation of the tag_len parameter against the
| size of the internal 16-byte authentication buffer. The issue
| affects the public multipart CCM API in Mbed TLS 3.x, where
| mbedtls_ccm_finish() can be invoked directly by applications. In
| Mbed TLS 4.x versions prior to the fix, the same missing validation
| exists in the internal implementation; however, the function is not
| exposed as part of the public API. Exploitation requires
| application-level invocation of the multipart CCM API.
CVE-2026-34877[6]:
| An issue was discovered in Mbed TLS versions from 2.19.0 up to
| 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL
| context or session structures allows an attacker who can modify the
| serialized structures to induce memory corruption, leading to
| arbitrary code execution. This is caused by Incorrect Use of
| Privileged APIs.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-34871
https://www.cve.org/CVERecord?id=CVE-2026-34871
[1] https://security-tracker.debian.org/tracker/CVE-2026-34872
https://www.cve.org/CVERecord?id=CVE-2026-34872
[2] https://security-tracker.debian.org/tracker/CVE-2026-34873
https://www.cve.org/CVERecord?id=CVE-2026-34873
[3] https://security-tracker.debian.org/tracker/CVE-2026-34874
https://www.cve.org/CVERecord?id=CVE-2026-34874
[4] https://security-tracker.debian.org/tracker/CVE-2026-34875
https://www.cve.org/CVERecord?id=CVE-2026-34875
[5] https://security-tracker.debian.org/tracker/CVE-2026-34876
https://www.cve.org/CVERecord?id=CVE-2026-34876
[6] https://security-tracker.debian.org/tracker/CVE-2026-34877
https://www.cve.org/CVERecord?id=CVE-2026-34877
Regards,
Salvatore
--- End Message ---
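CVE-2026-34872 above describes a peer forcing a finite-field Diffie-Hellman shared secret into a small set of values. The following is an added example (not mbedtls code, and not part of the bug report) showing the effect with a toy group and the peer-public-value check that closes it: the RFC 7919 section 5.1 test that 1 < y < p-1 and y^q mod p == 1. The group p = 23, q = 11, g = 2 and all function names are constructed for illustration; the modular exponentiation only handles moduli below 2^32.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy safe-prime group, constructed for this example: p = 2q + 1 with
 * q = 11 prime, and g = 2 generates the subgroup of order q. */
#define TOY_P 23u
#define TOY_Q 11u
#define TOY_G 2u

/* Square-and-multiply; m must be < 2^32 so b*b fits in uint64_t. */
static uint64_t toy_modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = (r * b) % m;
        b = (b * b) % m;
        e >>= 1;
    }
    return r;
}

/* Peer public-value validation (RFC 7919, section 5.1):
 *   - y must lie strictly between 1 and p-1 (rejects 0, 1, p-1), and
 *   - y^q mod p must equal 1 (y is in the order-q subgroup).
 * Returns 1 when y is acceptable, 0 when it must be rejected. */
static int toy_ffdh_validate_peer_public(uint64_t y, uint64_t p, uint64_t q)
{
    if (y <= 1 || y >= p - 1) return 0;
    return toy_modpow(y, q, p) == 1;
}

/* Shared secret = y^x mod p, computed only after validation. Returns 0 on
 * rejection; a valid secret is never 0, so callers can test the return. */
static uint64_t toy_ffdh_shared(uint64_t peer_y, uint64_t my_x,
                                uint64_t p, uint64_t q)
{
    if (!toy_ffdh_validate_peer_public(peer_y, p, q)) return 0;
    return toy_modpow(peer_y, my_x, p);
}

/* How many distinct secrets can our private key x in 1..q-1 produce
 * against a fixed peer value y? For y in {1, p-1} the answer is 1 or 2:
 * the peer has pinned the secret regardless of our contribution. */
static unsigned toy_distinct_secrets(uint64_t y, uint64_t p, uint64_t q)
{
    uint64_t seen[64];
    unsigned n = 0;
    for (uint64_t x = 1; x < q && n < 64; x++) {
        uint64_t s = toy_modpow(y, x, p);
        unsigned dup = 0;
        for (unsigned i = 0; i < n; i++) if (seen[i] == s) dup = 1;
        if (!dup) seen[n++] = s;
    }
    return n;
}

int main(void)
{
    uint64_t forced[] = { 0, 1, TOY_P - 1 };
    for (unsigned i = 0; i < 3; i++)
        printf("peer y=%llu: %u possible secret(s), validate=%d\n",
               (unsigned long long)forced[i],
               toy_distinct_secrets(forced[i], TOY_P, TOY_Q),
               toy_ffdh_validate_peer_public(forced[i], TOY_P, TOY_Q));
    printf("honest peer y=%u: %u possible secret(s), validate=%d\n",
           TOY_G, toy_distinct_secrets(TOY_G, TOY_P, TOY_Q),
           toy_ffdh_validate_peer_public(TOY_G, TOY_P, TOY_Q));
    return 0;
}
```

The subgroup test also rejects values such as y = 5, which is a primitive root mod 23 and therefore not in the order-q subgroup; in a real implementation the check runs on the bignum peer value before any exponentiation with the private key.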
--- Begin Message ---
Source: mbedtls
Source-Version: 3.6.6-0.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mbedtls, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated mbedtls package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Apr 2026 15:38:39 +0300
Source: mbedtls
Architecture: source
Version: 3.6.6-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1132577 1133841
Changes:
mbedtls (3.6.6-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release.
- CVE-2026-25834: Signature Algorithm Injection
- CVE-2026-25835: PSA random generator cloning
- CVE-2026-34872: FFDH: improper input validation
- CVE-2026-34873: Client impersonation resuming a TLS 1.3 session
- CVE-2026-34874: Null pointer dereference setting a distinguished name
- CVE-2026-34875: Buffer overflow in FFDH public key export
- CVE-2026-34876: CCM multipart finish tag-length validation bypass
(Closes: #1133841, #1132577)
Checksums-Sha1:
a874b9a95ac96434584f7dc5afd71143997edfd5 2456 mbedtls_3.6.6-0.1.dsc
71dd91cc76e77a0dcf0d8020377523ed7e703d8e 5508045 mbedtls_3.6.6.orig.tar.bz2
d13733695145ca25276cd740d4753a536e65085e 19060 mbedtls_3.6.6-0.1.debian.tar.xz
Checksums-Sha256:
cb5fe6f6b65667f993092eb7359b98155ceb8e67fa978afdf06256c75efe0bb4 2456 mbedtls_3.6.6-0.1.dsc
8fb65fae8dcae5840f793c0a334860a411f884cc537ea290ce1c52bb64ca007a 5508045 mbedtls_3.6.6.orig.tar.bz2
223d5b247d60c8954cd14a6c685a9fbaf68578dc19c8f7b70b29a29cc5aa48aa 19060 mbedtls_3.6.6-0.1.debian.tar.xz
Files:
30c4ca31518e43e0d230d1e58af35bb2 2456 libs optional mbedtls_3.6.6-0.1.dsc
8147a63a1ce289ebc0fb2190a5cce03f 5508045 libs optional mbedtls_3.6.6.orig.tar.bz2
2de996e1eaeafb07437fc64a3a3c8d89 19060 libs optional mbedtls_3.6.6-0.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
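CVE-2026-34876 in the report above describes mbedtls_ccm_finish() copying tag_len bytes out of a 16-byte authentication buffer without bounding tag_len, so an oversized value reads adjacent CCM context state. The following is an added example, not mbedtls code: a toy context with the 16-byte auth block placed next to other state, an unchecked finish that reproduces the over-read (kept inside the struct so the demonstration is well-defined), and a checked finish that bounds tag_len. The struct layout, names, and the extra RFC 3610 check that CCM tag lengths are even values in 4..16 are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOY_CCM_BLOCK 16

/* Constructed layout: y[] is the authentication block, ctr[] stands in for
 * whatever state happens to follow it in memory. y is first, so
 * (const unsigned char *)ctx is the same address as ctx->y. */
typedef struct {
    unsigned char y[TOY_CCM_BLOCK];
    unsigned char ctr[TOY_CCM_BLOCK];
} toy_ccm_context;

/* Models the missing validation: copies tag_len bytes starting at y with no
 * comparison against the 16-byte block. The one guard here only keeps the
 * toy inside the struct; real code would run off the object entirely.
 * Returns the number of bytes written to tag. */
static size_t toy_ccm_finish_unchecked(const toy_ccm_context *ctx,
                                       unsigned char *tag, size_t tag_len)
{
    if (tag_len > sizeof(*ctx)) return 0;
    memcpy(tag, (const unsigned char *)ctx, tag_len); /* spills into ctr */
    return tag_len;
}

/* Hardened form: reject any tag_len the auth block cannot satisfy before
 * touching memory. Returns 0 on success, -1 on bad input (nothing copied). */
static int toy_ccm_finish_checked(const toy_ccm_context *ctx,
                                  unsigned char *tag, size_t tag_len)
{
    if (tag_len < 4 || tag_len > TOY_CCM_BLOCK || (tag_len % 2) != 0)
        return -1;
    memcpy(tag, ctx->y, tag_len);
    return 0;
}

/* Fills a context with marker bytes (0xAA auth block, 0x5C neighbour). */
static void toy_ccm_fill(toy_ccm_context *ctx)
{
    memset(ctx->y, 0xAA, sizeof ctx->y);
    memset(ctx->ctr, 0x5C, sizeof ctx->ctr);
}

/* How many bytes of the neighbouring state land in tag[] for a given
 * tag_len through the unchecked path. Zero for any tag_len <= 16. */
static size_t toy_ccm_leaked_bytes(size_t tag_len)
{
    toy_ccm_context ctx;
    unsigned char tag[sizeof(toy_ccm_context)] = { 0 };
    toy_ccm_fill(&ctx);
    size_t n = toy_ccm_finish_unchecked(&ctx, tag, tag_len);
    size_t leaked = 0;
    for (size_t i = TOY_CCM_BLOCK; i < n; i++)
        if (tag[i] == 0x5C) leaked++;
    return leaked;
}

/* Status of the checked path for the same tag_len. */
static int toy_ccm_checked_status(size_t tag_len)
{
    toy_ccm_context ctx;
    unsigned char tag[sizeof(toy_ccm_context)] = { 0 };
    toy_ccm_fill(&ctx);
    return toy_ccm_finish_checked(&ctx, tag, tag_len);
}

int main(void)
{
    size_t lens[] = { 16, 32, 7 };
    for (unsigned i = 0; i < 3; i++)
        printf("tag_len=%zu: unchecked leaks %zu byte(s), checked returns %d\n",
               lens[i], toy_ccm_leaked_bytes(lens[i]),
               toy_ccm_checked_status(lens[i]));
    return 0;
}
```

An application on a 3.x release that cannot update immediately can apply the same bound at its own call site, since the description notes the over-read only triggers when the application itself passes the oversized tag_len into the multipart API.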