diff options
author | Petr Štetiar <ynezz@true.cz> | 2022-09-28 11:28:06 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2022-09-29 07:36:19 +0200 |
commit | a596a8396b1ef23cd0eda22d9a628392e70e1e1a (patch) | |
tree | dc2b6fcd376285daf40ba6c4cef4a524bdc6ec2d /package | |
parent | 77d9cce604d32005ddb90e91c6cc9b9cf35068d7 (diff) | |
download | upstream-a596a8396b1ef23cd0eda22d9a628392e70e1e1a.tar.gz upstream-a596a8396b1ef23cd0eda22d9a628392e70e1e1a.tar.bz2 upstream-a596a8396b1ef23cd0eda22d9a628392e70e1e1a.zip |
wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.
Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package')
-rw-r--r-- | package/libs/wolfssl/Makefile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index d090dd5780..08a1ca7401 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=5.5.0-stable +PKG_VERSION:=5.5.1-stable PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f +PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3 PKG_FIXUP:=libtool libtool-abiver PKG_INSTALL:=1 |