openwrt/package
Petr Štetiar 914d912741 wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ec8fb542ec)
(cherry picked from commit ce59843662)
2022-10-05 21:09:48 +02:00
base-files base-files: add support for heartbeat led trigger 2022-09-24 18:00:12 +02:00
boot uboot-bcm4908: include SoC in output files 2022-09-01 17:39:51 +02:00
devel binutils: fix libbfd missing DSO dependency if NLS enabled 2021-04-10 14:22:28 +02:00
firmware firmware: intel-microcode: update to 20220510 2022-07-23 00:25:50 +02:00
kernel mt76: backport fix encap offload ethernet type check 2022-08-28 08:33:46 +02:00
libs wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173) 2022-10-05 21:09:48 +02:00
network mac80211: disable ft-over-ds by default 2022-08-30 11:01:27 +02:00
system rpcd: backport 802.11ax support 2022-02-19 10:01:03 +01:00
utils sdk: add spidev-test to the bundle of userspace sources 2022-07-19 20:27:06 +02:00
Makefile build: fix opkg install step for large package selection 2021-12-31 17:55:29 +01:00