Arch Linux Security Advisory ASA-201501-13 ========================================== Severity: Critical Date : 2015-01-20 CVE-ID : CVE-2015-1182 Package : polarssl Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package polarssl before version 1.3.9-2 is vulnerable to remote code execution. Resolution ========== Upgrade to 1.3.9-2. # pacman -Syu "polarssl>=1.3.9-2" The problem has not been fixed upstream yet. Workaround ========== None. Description =========== During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of(). In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free(). This sequence can be triggered when a PolarSSL entity is parsing a certificate. So practically this means clients when receiving a certificate from the server or servers in case they are actively asking for a client certificate. Impact ====== An attacker may be able to remotely execute arbitrary code on the targeted system. References ========== https://polarssl.org/tech-updates/security-advisories/polarssl-security-advi... https://bugs.archlinux.org/task/43508