Message ID | 20220130162538.3370704-4-hauke@hauke-m.de |
---|---|
State | Accepted |
Delegated to: | Hauke Mehrtens |
Series | [01/11] toolchain: glibc: update to latest 2.34 HEAD |
On 1/30/22 17:25, Hauke Mehrtens wrote:
> This fixes the following security problems:
> * Zeroize several intermediate variables used to calculate the expected
>   value when verifying a MAC or AEAD tag. This hardens the library in
>   case the value leaks through a memory disclosure vulnerability. For
>   example, a memory disclosure vulnerability could have allowed a
>   man-in-the-middle to inject fake ciphertext into a DTLS connection.
> * Fix a double-free that happened after mbedtls_ssl_set_session() or
>   mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
>   (out of memory). After that, calling mbedtls_ssl_session_free()
>   and mbedtls_ssl_free() would cause an internal session buffer to
>   be free()'d twice. CVE-2021-44732
>
> The sizes of the ipk changed on MIPS 24Kc like this:
> 182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
> 182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
>
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
>  package/libs/mbedtls/Makefile | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Mbed TLS 2.28 is the new long term branch supported for the next 3 years.
We should probably update to this version to continue to get updates for
master.
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0

I would still merge this update of the minor version and we can do the
major version update in a separate step.

Hauke
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 6adf091c3ce0..d3f7d0cad2a6 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.16.11 +PKG_VERSION:=2.16.12 PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=c18e7e9abf95e69e425260493720470021384a1728417042060a35d0b7b18b41 +PKG_HASH:=294871ab1864a65d0b74325e9219d5bcd6e91c34a3c59270c357bb9ae4d5c393 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt
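Review bot: the unchanged PKG_SOURCE_URL context line still points at a GitHub codeload archive (`.../tar.gz/v$(PKG_VERSION)?`), so the new PKG_HASH on the `+` line is the only thing tying this bump to the upstream v2.16.12 tag, and nothing in the patch or its message says how that value was produced. Please state in the commit message how the hash was obtained (for example, computed over a locally downloaded tarball and compared with the contents of the upstream tag), so a later reader can re-derive it instead of trusting the pinned value alone.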
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 package/libs/mbedtls/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)