{"affected":[{"ecosystem_specific":{"binaries":[{"libmbedtls9":"1.3.19-11.1","mbedtls-devel":"1.3.19-11.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"mbedtls","purl":"pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.19-11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mbedtls fixes the following issues:\n\n- CVE-2018-0487: Fixed a buffer overflow in RSASSA-PSS signature\n  verification, which allowed remote attackers to execute arbitrary code or\n  cause a denial of service via a crafted certificate chain. (boo#1080826)\n- CVE-2018-0488: Fixed a heap vulnerability, which allowed remote\n  attackers to execute arbitrary code or cause a DoS via a crafted application\n  packet when the truncated HMAC extension and CBC are used. (boo#1080828)\n- CVE-2017-18187: Fixed bound check in ssl_parse_client_psk_identity(), which\n  might lead to an overflow. (boo#1080973)\n","id":"openSUSE-SU-2018:0488-1","modified":"2018-02-20T12:28:29Z","published":"2018-02-20T12:28:29Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1080826"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080828"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0487"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0488"}],"related":["CVE-2017-18187","CVE-2018-0487","CVE-2018-0488"],"summary":"Security update for mbedtls","upstream":["CVE-2017-18187","CVE-2018-0487","CVE-2018-0488"]}