diff options
| author | orangepizza <tjtncks@gmail.com> | 2024-01-29 11:37:43 +0900 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2024-01-29 09:28:41 +0000 |
| commit | 920414ca8848fe1b430e436207b4f8c927819368 (patch) | |
| tree | 4c691973e59e70fd331b42c14abb1528b050643a /package/kernel/linux/modules | |
| parent | 60ffcfdabcc0159f949ecec74370fd7c5903afad (diff) | |
| download | upstream-920414ca8848fe1b430e436207b4f8c927819368.tar.gz upstream-920414ca8848fe1b430e436207b4f8c927819368.tar.bz2 upstream-920414ca8848fe1b430e436207b4f8c927819368.zip | |
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
Diffstat (limited to 'package/kernel/linux/modules')
0 files changed, 0 insertions, 0 deletions