openwrt/package/libs
orangepizza b5c728948c
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for the following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
2024-01-29 09:41:19 +00:00
argp-standalone treewide: opt-out of tree-wide LTO usage 2023-03-21 18:28:23 +01:00
elfutils treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
gettext-full gettext-full: link to local libunistring 2023-05-15 16:14:44 +02:00
gmp packages: assign PKG_CPE_ID for all missing packages 2023-09-27 22:37:01 +02:00
jansson treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libaudit treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
libbpf packages: assign PKG_CPE_ID for all missing packages 2023-09-27 22:37:01 +02:00
libbsd packages: assign PKG_CPE_ID for all missing packages 2023-09-27 22:37:01 +02:00
libcap libcap: update to 2.69 2023-05-24 19:26:24 +01:00
libevent2 treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libiconv-full libiconv-full: add host build 2022-07-17 14:21:03 +02:00
libjson-c libjson-c: import patch to fix compilation on macos 2023-05-19 13:43:18 +02:00
libmd libmd: add library providing message digest functions 2022-09-11 01:30:11 +02:00
libmnl libmnl: add PKG_CPE_ID 2022-09-06 16:36:44 +01:00
libnetfilter-conntrack packages: assign PKG_CPE_ID for all missing packages 2023-09-27 22:37:01 +02:00
libnfnetlink libnfnetlink: add PKG_CPE_ID 2022-09-06 16:36:45 +01:00
libnftnl libnftnl: update to 1.2.6 2023-07-20 08:04:11 +02:00
libnl libnl: add support for cli 2023-11-05 12:22:47 +01:00
libnl-tiny libnl-tiny: update to latest Git HEAD 2023-07-27 12:06:02 +02:00
libpcap packages: assign PKG_CPE_ID for all missing packages 2023-09-27 22:37:01 +02:00
libselinux libselinux: opt-out of lto usage 2023-10-31 00:44:03 +01:00
libsemanage libsemanage: update to 3.5 2023-05-18 10:14:13 +02:00
libsepol libsepol: opt-out of lto usage 2023-10-31 00:44:03 +01:00
libtool libtool: update to 2.4.7 2022-07-10 19:07:47 +02:00
libtraceevent libtraceevent: update to 1.7.2 2023-04-01 22:02:24 +02:00
libtracefs libtracefs: update to 1.6.4 2023-01-13 22:02:20 +01:00
libubox libubox: update to the latest version 2023-06-12 22:10:18 +02:00
libunistring libunistring: add from packages feed 2023-05-15 16:14:41 +02:00
libunwind libunwind: update to 1.6.2 2022-09-07 04:22:40 +01:00
libusb treewide: replace AUTORELEASE with real PKG_RELEASE 2023-05-18 11:35:29 +02:00
libxml2 libxml2: update to 2.11.4 2023-05-24 19:26:28 +01:00
mbedtls mbedtls: security bump to version 2.28.7 2024-01-29 09:41:19 +00:00
musl-fts musl-fts: remove shared libraries from host 2022-03-27 14:38:13 +02:00
ncurses ncurses: add alacritty terminfo 2023-02-26 01:12:02 +01:00
nettle nettle: update to 3.9.1 2023-08-27 23:49:27 +02:00
openssl openssl: update to 3.0.12 2023-10-26 00:14:10 +02:00
pcre2 pcre2: fix host compilation of libselinux by enabling PIC 2023-05-31 23:10:06 +02:00
popt treewide: Add extra CPE identifier 2023-09-27 22:37:13 +02:00
readline readline: update to 8.2 2022-10-23 18:16:22 +02:00
sysfsutils treewide: Add extra CPE identifier 2023-09-27 22:37:13 +02:00
toolchain toolchain: reproducible libstdcpp 2022-04-01 12:54:58 +01:00
uclient uclient: update to Git version 2023-04-13 2023-04-13 20:51:05 +02:00
ustream-ssl ustream-ssl: update to Git version 2023-02-25 2023-02-25 18:37:26 +01:00
wolfssl wolfssl: update to 5.6.4 2023-11-11 18:18:29 +01:00
zlib treewide: replace AUTORELEASE with real PKG_RELEASE 2023-05-18 11:35:29 +02:00