[Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.5
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 14:36:51 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix potential memory overread when performing an ECDSA signature
> operation. The overread only happens with cryptographically low
> probability (of the order of 2^-n where n is the bitsize of the
> curve) unless the RNG is broken, and could result in information
> disclosure or denial of service (application crash or extra resource
> consumption).
> - To avoid a side channel vulnerability when parsing an RSA private
> key, read all the CRT parameters from the DER structure rather than
> reconstructing them.
> - Update indentation of hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.11.x, thanks.
For 2019.02.x I will instead bump to 2.7.14.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list