mbedtls Info

mbedtls was added to epel10 repo on 2024-09-23
Page updated: 2026-04-10 07:35
Repo Status - Overall Status

Source NVR: mbedtls-3.6.5-1.el10_2 (2024-09-23)

Binary Packages

2405365	NEW	CVE-2025-59438 mbedtls: MbedTLS Padding oracle through timing of cipher error reporting [epel-10]
2454083	NEW	CVE-2026-34871 mbedtls: entropy on Linux can fall back to /dev/urandom [epel-all]
2454114	NEW	CVE-2026-25835 mbedtls: PSA random generator cloning [epel-all]
2454191	NEW	CVE-2026-34873 mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption [epel-all]
2454195	NEW	CVE-2026-34872 mbedtls: Mbed TLS and TF-PSA-Crypto: Shared secret manipulation via improper FFDH input validation [epel-all]
2454197	NEW	CVE-2025-66442 mbedtls: Mbed TLS and TF-PSA-Crypto: Information disclosure via compiler-induced timing side channel [epel-all]
2454201	NEW	CVE-2026-34875 mbedtls: Mbed TLS and TF-PSA-Crypto: Arbitrary code execution due to buffer overflow in FFDH key export [epel-all]
2454203	NEW	CVE-2026-25834 mbedtls: Mbed TLS: Algorithm downgrade vulnerability [epel-all]
2454617	NEW	CVE-2026-34876 mbedtls: CCM multipart finish tag-length validation bypass [epel-all]
2454621	NEW	CVE-2026-34877 mbedtls: Risk of insufficient protection of serialized session or context data leading to potential memory safety issues [epel-all]