[Buildroot] [PATCH 1/1] mbedtls: security bump to version 2.7.3
Peter Korsgaard
peter at korsgaard.com
Mon Jun 11 21:15:52 UTC 2018
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Extract from release announcement:
> - (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
> to a buffer overread during certificate validation. Additionally, the
> issue could also lead to unnecessary callback checks being made or to
> some validation checks to be omitted. The overread could be triggered
> remotely, while the other issues would require a non DER-compliant
> certificate to be correctly signed by a trusted CA, or a trusted CA with
> a non DER-compliant certificate. Found by luocm. Fixes #825.
> - (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
> ssl_parse_certificate_request() function which could lead to an
> arbitrary overread of the message buffer. The overreads could be caused
> by receiving a malformed algorithms section which was too short. In
> builds with debug output, this overread data was output with the debug
> data.
> - (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
> server's ciphersuite choice which could potentially lead to the client
> accepting a ciphersuite it didn't offer or a ciphersuite that could not
> be used with the TLS or DTLS version chosen by the server. This could
> lead to corruption of internal data structures for some configurations.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list