[Buildroot] [PATCH] package/wolfssl: security bump to version 3.5.17

Peter Korsgaard peter at korsgaard.com
Fri Jan 25 07:36:45 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > From the release notes:
 > This release of wolfSSL includes a fix for 1 security vulnerability.

 > Medium level fix for potential cache attack with a variant of
 > Bleichenbacher’s attack.  Earlier versions of wolfSSL leaked PKCS #1 v1.5
 > padding information during private key decryption that could lead to a
 > potential padding oracle attack.  It is recommended that users update to the
 > latest version of wolfSSL if they have RSA cipher suites enabled and have
 > the potential for malicious software to be ran on the same system that is
 > performing RSA operations.  Users that have only ECC cipher suites enabled
 > and are not performing RSA PKCS #1 v1.5 Decryption operations are not
 > vulnerable.  Also users with TLS 1.3 only connections are not vulnerable to
 > this attack.  Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
 > (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
 > (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
 > Adelaide and Data61) for the report.

 > The paper for further reading on the attack details can be found at
 > http://cat.eyalro.net/cat.pdf

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x and 2018.11.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list