Fedora has issued an advisory today (January 10):
Upstream advisory from December 14:
The issues are fixed upstream in 2.16.12 (released December 17):
Mageia 8 is also affected.
On it. For the record mbedtls 2.16.12 is the final release in the 2.16 LTS branch, so we'll have to move to their newly released 2.28 LTS branch (in Cauldron first, and then see if we can afford the switch in Mageia 8 or should do what we can to backport security fixes - depends on what other distros do I guess).
mbedtls-2.16.12-1.mga9 pushed to Cauldron.
Update candidate for Mageia 8:
Updated mbedtls packages fix security vulnerabilities
This update provides Mbed TLS 2.16.12, with a number of bug fixes, including
See the referenced release notes and advisory for details.
SRPM in core/updates_testing:
RPMs in core/updates_testing:
The mbedtls packages were already installed but running godot failed with an error saying that the video driver did not support any of the supported openGL drivers. The GTX 1080Ti graphics card uses the nvidia 470.86 driver and has worked before in this context. This is a separate issue from mbedtls so a move to another machine is in order. Later.
OK. GLX is working on another nvidia machine.
Installed and updated mbedtls packages. Installed hiawatha and godot.
Replaced httpd by hiawatha and checked the welcome message at localhost in a browser - "It works!"
Visited a secure banking site, supplied credentials and downloaded accounts information. No problems.
Ran godot from the cli. Interface appeared. Created a user project, browsed asset library and downloaded and installed three tools without issue.
Viewed the res://assets/ in the FileSystem section and found the new tools listed under addons.
Played about with the gui but with no training had to back out.
It all looks good as far as it goes.
Validating. Advisory in Comment 2.
An update for this issue has been pushed to the Mageia Updates repository.