projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9b7936f) | patch
package/mbedtls: security bump to version 2.16.4
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Fri, 17 Jan 2020 21:51:21 +0000 (22:51 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sat, 18 Jan 2020 12:44:22 +0000 (13:44 +0100)
commita7186d0913f4df2f86439abfdadbaec60f359818
treeff43098766c241bec7891f2b7bb5daf37f3484catree
parent9b7936fab6f13655e8c9ac98702b4577c496351fcommit | diff
package/mbedtls: security bump to version 2.16.4

Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/mbedtls/mbedtls.hash diff | blob | history
package/mbedtls/mbedtls.mk diff | blob | history