diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-01-29 11:56:27 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-02-12 19:42:08 +0100 |
| commit | 32d50a1281a76fab45d6bce5ea0d1ac6ff74a78d (patch) | |
| tree | 33cae00390219c23f21734f420fa68eaf1578ea0 /COPYING | |
| parent | c6ddf8d5021d5262ecac8648d6ae849a47e1f0fb (diff) | |
| download | upstream-32d50a1281a76fab45d6bce5ea0d1ac6ff74a78d.tar.gz upstream-32d50a1281a76fab45d6bce5ea0d1ac6ff74a78d.tar.bz2 upstream-32d50a1281a76fab45d6bce5ea0d1ac6ff74a78d.zip | |
mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions