mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-19 13:48:06 +00:00
wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release
Fixes denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable Fixes: https://github.com/openwrt/luci/issues/5962 References: https://github.com/wolfSSL/wolfssl/issues/5629 Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
parent
77d9cce604
commit
a596a8396b
@ -8,12 +8,12 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=wolfssl
|
||||
PKG_VERSION:=5.5.0-stable
|
||||
PKG_VERSION:=5.5.1-stable
|
||||
PKG_RELEASE:=$(AUTORELEASE)
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
|
||||
PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f
|
||||
PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3
|
||||
|
||||
PKG_FIXUP:=libtool libtool-abiver
|
||||
PKG_INSTALL:=1
|
||||
|
Loading…
Reference in New Issue
Block a user