This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update to mbedtls 1.3.19 fixes security issues and bugs.
The following vulnerability was fixed :
CVE-2017-2784: A remote user could have used a specially crafted
certificate to cause mbedtls to free a buffer allocated on the stack
when verifying the validity of a public key with a secp224k1 curve,
which could have allowed remote code execution on some platforms.
The following non-security changes are included :
- Add checks to prevent signature forgeries for very large
messages while using RSA through the PK module in 64-bit
- Fixed potential livelock during the parsing of a CRL in
Update the affected mbedtls packages.
Risk factor : Medium / CVSS Base Score : 6.8