CVE-2017-14032

Priority
Description
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication
is configured, allows remote attackers to bypass peer authentication via an
X.509 certificate chain with many intermediates. NOTE: although mbed TLS
was formerly known as PolarSSL, the releases shipped with the PolarSSL name
are not affected.
Notes
Package
Upstream:released (2.6.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.2.1-2ubuntu0.2)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2020-09-10 05:37:07 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)