PolarSSL: Multiple vulnerabilities — GLSA 201801-15

Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code.

Affected Packages

net-libs/polarssl on all architectures
Affected versions < 1.3.9-r1
Unaffected versions

Background

PolarSSL is a cryptographic library for embedded systems.

Description

Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might be able to execute arbitrary code, cause Denial of Service condition or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for PolarSSL and recommends that users unmerge the package:

 # emerge --unmerge "net-libs/polarssl"
 

References

Release Date
January 15, 2018

Latest Revision
January 15, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries