Source: mbedtls Version: 2.16.0-1 Severity: serious Tags: security Justification: security
Dear Maintainer, Mbed TLS 2.16.8 released 1 Sep 2020 addresses 3 security advisories ==> Please update mbedtls in all active Debian releases. Thank you. https://github.com/ARMmbed/mbedtls/releases https://tls.mbed.org/tech-updates/security-advisories Local side channel attack on classical CBC decryption in (D)TLS https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1 CVE-2020-16150 Severity: High Local side channel attack on RSA and static Diffie-Hellman https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 Severity: High Protocol weakness in DHE-PSK key exchange https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-3 Severity: Low -- System Information: Debian Release: 10.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-12-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled