mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-04 10:53:30 +08:00
package/mbedtls: security bump to version 2.16.6
- Fix CVE-2020-10932: fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key. - Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message. - Fix bug in DTLS handling of new associations with the same parameters (RFC 6347 section 4.2.8): after sending its HelloVerifyRequest, the server would end up with corrupted state and only send invalid records to the client. An attacker able to send forged UDP packets to the server could use that to obtain a Denial of Service. This could only happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h (which it is by default). Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
parent
e0fa2e4e2f
commit
b5704f8869
@ -1,5 +1,5 @@
|
||||
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released
|
||||
sha1 c36962183e05467aa1dadafcaacf90216a737866 mbedtls-2.16.5-apache.tgz
|
||||
sha256 65b4c6cec83e048fd1c675e9a29a394ea30ad0371d37b5742453f74084e7b04d mbedtls-2.16.5-apache.tgz
|
||||
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
|
||||
sha1 3cb5b681597a5bd798d31038c129c0dc911d8a2c mbedtls-2.16.6-apache.tgz
|
||||
sha256 66455e23a6190a30142cdc1113f7418158839331a9d8e6b0778631d077281770 mbedtls-2.16.6-apache.tgz
|
||||
# Locally calculated
|
||||
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
|
||||
|
@ -5,7 +5,7 @@
|
||||
################################################################################
|
||||
|
||||
MBEDTLS_SITE = https://tls.mbed.org/code/releases
|
||||
MBEDTLS_VERSION = 2.16.5
|
||||
MBEDTLS_VERSION = 2.16.6
|
||||
MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
|
||||
MBEDTLS_CONF_OPTS = \
|
||||
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
|
||||
|
Loading…
Reference in New Issue
Block a user