[Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.6

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.6
Date: Wed, 15 Apr 2020 21:50:05 +0200	[thread overview]
Message-ID: <20200415215005.7635e5e0@windsurf.home> (raw)
In-Reply-To: <20200414164448.2233648-1-fontaine.fabrice@gmail.com>

On Tue, 14 Apr 2020 18:44:48 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> - Fix CVE-2020-10932: fix side channel in ECC code that allowed an
>   adversary with access to precise enough timing and memory access
>   information (typically an untrusted operating system attacking a
>   secure enclave) to fully recover an ECDSA private key.
> - Fix a potentially remotely exploitable buffer overread in a DTLS
>   client when parsing the Hello Verify Request message.
> - Fix bug in DTLS handling of new associations with the same parameters
>   (RFC 6347 section 4.2.8): after sending its HelloVerifyRequest, the
>   server would end up with corrupted state and only send invalid records
>   to the client. An attacker able to send forged UDP packets to the
>   server could use that to obtain a Denial of Service. This could only
>   happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in
>   config.h (which it is by default).
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/mbedtls/mbedtls.hash | 6 +++---
>  package/mbedtls/mbedtls.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

next prev parent reply	other threads:[~2020-04-15 19:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-14 16:44 [Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.6 Fabrice Fontaine
2020-04-15 19:50 ` Thomas Petazzoni [this message]
2020-05-06  5:13 ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200415215005.7635e5e0@windsurf.home \
    --to=thomas.petazzoni@bootlin.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.