DescriptionPolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2014:1457-1, published Wed, 19 Nov 2014 17:05:18 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA libmbedcrypto0-2.4.0-1.2