[Buildroot] [PATCH] package/wolfssl: security bump to version 3.5.17
Peter Korsgaard
peter at korsgaard.com
Fri Jan 25 07:36:45 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> From the release notes:
> This release of wolfSSL includes a fix for 1 security vulnerability.
> Medium level fix for potential cache attack with a variant of
> Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5
> padding information during private key decryption that could lead to a
> potential padding oracle attack. It is recommended that users update to the
> latest version of wolfSSL if they have RSA cipher suites enabled and have
> the potential for malicious software to be ran on the same system that is
> performing RSA operations. Users that have only ECC cipher suites enabled
> and are not performing RSA PKCS #1 v1.5 Decryption operations are not
> vulnerable. Also users with TLS 1.3 only connections are not vulnerable to
> this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
> (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
> (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
> Adelaide and Data61) for the report.
> The paper for further reading on the attack details can be found at
> http://cat.eyalro.net/cat.pdf
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list