All errata/sisyphus_loongarch64/ALT-PU-2025-4780-1
ALT-PU-2025-4780-1

Package update mbedtls-compat in branch sisyphus_loongarch64

Version2.28.10-alt1
Task#0
Published2025-03-25
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2025-27809
MEDIUM5.4

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

Published: 2025-03-25Modified: 2025-07-17
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
References
CVE-2025-27810
MEDIUM4.8

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Published: 2025-03-25Modified: 2025-10-30
CVSS 3.xMEDIUM 4.8
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
References