All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.6.10
Date: Fri, 19 Mar 2021 23:09:20 +0100	[thread overview]
Message-ID: <87o8feu773.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20210312202133.10544-1-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Fri, 12 Mar 2021 21:21:33 +0100")

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
 >   |A| - |B| where |B| is larger than |A| and has more limbs (so the
 >   function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
 >   applications calling mbedtls_mpi_sub_abs() directly are affected:
 >   all calls inside the library were safe since this function is
 >   only called with |A| >= |B|.
 > - Fix an errorneous estimation for an internal buffer in
 >   mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
 >   value the function might fail to write a private RSA keys of the
 >   largest supported size.
 > - Fix a stack buffer overflow with mbedtls_net_poll() and
 >   mbedtls_net_recv_timeout() when given a file descriptor that is
 >   beyond FD_SETSIZE.
 > - Guard against strong local side channel attack against base64 tables
 >   by making access aceess to them use constant flow code.

 > https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard

      parent reply	other threads:[~2021-03-19 22:09 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-12 20:21 [Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.6.10 Fabrice Fontaine
2021-03-12 21:47 ` Yann E. MORIN
2021-03-19 22:09 ` Peter Korsgaard [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87o8feu773.fsf@dell.be.48ers.dk \
    --to=peter@korsgaard.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.