FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

Affected packages
polarssl13 < 1.3.16
mbedtls < 2.2.1

Details

VuXML ID: 4084168e-b531-11e5-a98c-0011d823eebd
Discovery: 2016-01-04
Entry: 2016-01-07

ARM Limited reports:

MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL.

References

URL: https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released