mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-05 13:34:19 +00:00
3a0232ffd3
This fixes multiple security problems: * [Medium] CVE-2024-1544 Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. * [Medium] CVE-2024-5288 A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. * [Low] CVE-2024-5991 In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. * [Medium] CVE-2024-5814 A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. Unset DISABLE_NLS to prevent setting the unsupported configuration option --disable-nls which breaks the build now. Link: https://github.com/openwrt/openwrt/pull/15948 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> |
||
|---|---|---|
| .. | ||
| argp-standalone | ||
| elfutils | ||
| gettext-full | ||
| gmp | ||
| jansson | ||
| libbpf | ||
| libbsd | ||
| libcap | ||
| libevent2 | ||
| libiconv-full | ||
| libjson-c | ||
| libmd | ||
| libmnl | ||
| libnetfilter-conntrack | ||
| libnfnetlink | ||
| libnftnl | ||
| libnl | ||
| libnl-tiny | ||
| libpcap | ||
| libselinux | ||
| libsemanage | ||
| libsepol | ||
| libtool | ||
| libtraceevent | ||
| libtracefs | ||
| libubox | ||
| libunistring | ||
| libunwind | ||
| libusb | ||
| libxml2 | ||
| mbedtls | ||
| mpfr | ||
| musl-fts | ||
| ncurses | ||
| nettle | ||
| openssl | ||
| pcre2 | ||
| popt | ||
| readline | ||
| sysfsutils | ||
| toolchain | ||
| uclient | ||
| udebug | ||
| ustream-ssl | ||
| wolfssl | ||
| zlib | ||