[Buildroot] [PATCH] mbedtls: security bump to version 2.7.2

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] mbedtls: security bump to version 2.7.2
Date: Wed, 25 Apr 2018 15:42:06 +0200	[thread overview]
Message-ID: <20180425154206.10c858cc@windsurf> (raw)
In-Reply-To: <be768b1de8c5908cef3e3acbff3bc03adcefd1a0.1524570502.git.baruch@tkos.co.il>

Hello,

On Tue, 24 Apr 2018 14:48:22 +0300, Baruch Siach wrote:
> The release announcement mentions these security fixes:
> 
>   Defend against Bellcore glitch attacks by verifying the results of RSA
>   private key operations.
> 
>   Fix implementation of the truncated HMAC extension. The previous
>   implementation allowed an offline 2^80 brute force attack on the HMAC
>   key of a single, uninterrupted connection (with no resumption of the
>   session).
> 
>   Reject CRLs containing unsupported critical extensions.
> 
>   Fix a buffer overread in ssl_parse_server_key_exchange() that could
>   cause a crash on invalid input. (CVE-2018-9988)
> 
>   Fix a buffer overread in ssl_parse_server_psk_hint() that could cause
>   a crash on invalid input. (CVE-2018-9989)
> 
> Drop upstream patch.
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  ...1-dhm-Fix-typo-in-RFC-5114-constants.patch | 33 -------------------
>  package/mbedtls/mbedtls.hash                  |  6 ++--
>  package/mbedtls/mbedtls.mk                    |  2 +-
>  3 files changed, 4 insertions(+), 37 deletions(-)
>  delete mode 100644 package/mbedtls/0001-dhm-Fix-typo-in-RFC-5114-constants.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

next prev parent reply	other threads:[~2018-04-25 13:42 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-24 11:48 [Buildroot] [PATCH] mbedtls: security bump to version 2.7.2 Baruch Siach
2018-04-25 13:42 ` Thomas Petazzoni [this message]
2018-05-01  6:55 ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180425154206.10c858cc@windsurf \
    --to=thomas.petazzoni@bootlin.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.