mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 22:23:27 +00:00
7f64f5b11a
This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for following security issues: * Timing side channel in private key RSA operations (CVE-2024-23170) Mbed TLS is vulnerable to a timing side channel in private key RSA operations. This side channel could be sufficient for an attacker to recover the plaintext. A local attacker or a remote attacker who is close to the victim on the network might have precise enough timing measurements to exploit this. It requires the attacker to send a large number of messages for decryption. * Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775) When writing x509 extensions we failed to validate inputs passed in to mbedtls_x509_set_extension(), which could result in an integer overflow, causing a zero-length buffer to be allocated to hold the extension. The extension would then be copied into the buffer, causing a heap buffer overflow. Fixes: CVE-2024-23170, CVE-2024-23775 References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/ Signed-off-by: orangepizza <tjtncks@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes] (cherry picked from commit |
||
---|---|---|
.. | ||
argp-standalone | ||
elfutils | ||
gettext-full | ||
gmp | ||
jansson | ||
libaudit | ||
libbsd | ||
libcap | ||
libevent2 | ||
libiconv | ||
libiconv-full | ||
libjson-c | ||
libmnl | ||
libnetfilter-conntrack | ||
libnfnetlink | ||
libnftnl | ||
libnl | ||
libnl-tiny | ||
libpcap | ||
libselinux | ||
libsemanage | ||
libsepol | ||
libtool | ||
libubox | ||
libunwind | ||
libusb | ||
mbedtls | ||
musl-fts | ||
ncurses | ||
nettle | ||
openssl | ||
pcre | ||
popt | ||
readline | ||
sysfsutils | ||
toolchain | ||
uclient | ||
ustream-ssl | ||
wolfssl | ||
zlib |