| Bug ID | 903672 |
|---|---|
| Summary | polarssl 1.3.8 used in a server picks weaker signature algorithm than available |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | 13.2 RC 1 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | fisiu@opensuse.org |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
"On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release. No new features are introduced in this release. A number of changes in behaviour and bug fixes are included." https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released