Ubuntu Security Notice 4267-1 - It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. Various other issues were also addressed.
6ef2365473956a95058c44fc7e585d8daf238d0ea1f93d4dd325d781a3aa5508
Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.
5d3485e58aed10ea74809fdebbda1ff43b8d5d7612ae0a1b4170ddacd18b3b58