ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-20 06:08:08 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
fef1a52bd6
openwrt/package/libs
History
orangepizza 7f64f5b11a
mbedtls: security bump to version 2.28.7 
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
(cherry picked from commit b5c728948c)
2024-01-29 09:45:00 +00:00
..
argp-standalone argp-standalone: fix compilation with Alpine Linux 2022-03-16 17:58:24 +01:00
elfutils elfutils: Add missing musl-fts dependency 2022-01-07 20:50:50 -08:00
gettext-full gettext-full: add gmsgfmt symlink in host install 2022-04-05 00:20:24 +02:00
gmp packages: assign PKG_CPE_ID for all missing packages 2023-09-27 17:29:14 +02:00
jansson jansson: Activate link time optimization (LTO) 2020-09-06 20:30:18 +02:00
libaudit libaudit: add host-build required by policycoreutils/host 2020-09-01 14:24:07 +01:00
libbsd packages: assign PKG_CPE_ID for all missing packages 2023-09-27 17:29:14 +02:00
libcap libcap: Update to version 2.63 2022-02-01 21:25:02 +01:00
libevent2 libevent2: update to 2.1.12 2021-02-14 19:38:15 +01:00
libiconv package: replace $(STAGING_DIR)/host with $(STAGING_DIR_HOSTPKG) 2017-01-10 22:15:37 +01:00
libiconv-full libiconv-full: Makefile polishing 2020-11-26 13:09:32 -10:00
libjson-c libjson-c: don't build shared host libraries 2021-11-20 21:08:24 +01:00
libmnl libmnl: fix build when bash is not located at /bin/bash 2022-08-05 15:24:57 +02:00
libnetfilter-conntrack packages: assign PKG_CPE_ID for all missing packages 2023-09-27 17:29:14 +02:00
libnfnetlink libnfnetlink: update to 1.0.2 2022-04-10 16:26:01 +01:00
libnftnl libnftnl: add package CPE ID 2022-10-23 14:21:03 +02:00
libnl libnl: update to 3.5.0 2019-11-01 21:19:40 +01:00
libnl-tiny libnl-tiny: update to the latest version 2021-12-14 22:59:10 +01:00
libpcap packages: assign PKG_CPE_ID for all missing packages 2023-09-27 17:29:14 +02:00
libselinux libselinux: add missing host-build dependency on libsepol/host 2022-04-10 16:26:01 +01:00
libsemanage libsemanage: update to version 3.3 2021-10-28 22:15:02 +01:00
libsepol libsepol: update to version 3.3 2021-10-31 13:01:24 +00:00
libtool treewide: revise library packaging 2019-01-24 10:39:30 +01:00
libubox libubox: update to the latest version 2022-06-07 21:36:58 +02:00
libunwind libunwind: add ppc64 support 2021-12-21 21:37:05 +02:00
libusb libusb: fix missing link 2022-06-25 00:05:21 +02:00
mbedtls mbedtls: security bump to version 2.28.7 2024-01-29 09:45:00 +00:00
musl-fts musl-fts: add host build 2022-04-11 23:17:55 +02:00
ncurses ncurses: add package CPE ID 2022-10-23 14:21:03 +02:00
nettle nettle: disable assembler on ppc64 2021-12-21 21:36:55 +02:00
openssl openssl: update to version 1.1.1w 2023-09-29 11:56:24 +02:00
pcre pcre: disable shared libraries for host builds 2022-04-05 00:20:24 +02:00
popt treewide: Add extra CPE identifier 2023-09-27 22:33:09 +02:00
readline readline: add host PIC 2022-04-17 21:47:11 +02:00
sysfsutils treewide: Add extra CPE identifier 2023-09-27 22:33:09 +02:00
toolchain toolchain: reproducible libstdcpp 2022-04-06 13:59:44 +01:00
uclient uclient: update to Git version 2023-04-13 2023-04-13 20:54:06 +02:00
ustream-ssl treewide: Trigger reinstall of all wolfssl dependencies 2023-01-01 21:42:41 +01:00
wolfssl wolfssl: update to 5.6.4 2023-11-19 14:58:44 +01:00
zlib zlib: backport null dereference fix 2022-08-09 08:12:46 +02:00