openwrt

mirror of https://github.com/openwrt/openwrt.git synced 2024-12-21 06:33:41 +00:00

History

Hauke Mehrtens 158a33591d mbedtls: update to version 2.28.2 Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Fixes the following CVEs: * CVE-2022-46393: Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. * CVE-2022-46392: An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `af3c9b74e1`)	2022-12-31 14:45:23 +01:00
..
patches	mbedtls: update to version 2.28.2	2022-12-31 14:45:23 +01:00
Makefile	mbedtls: update to version 2.28.2	2022-12-31 14:45:23 +01:00

Hauke Mehrtens 158a33591d mbedtls: update to version 2.28.2

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e1)

2022-12-31 14:45:23 +01:00

patches mbedtls: update to version 2.28.2 2022-12-31 14:45:23 +01:00

Makefile mbedtls: update to version 2.28.2 2022-12-31 14:45:23 +01:00