diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-04-24 14:48:22 +0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-04-25 15:29:57 +0200 |
| commit | babc94e9dd4a1a04c4a0befdb6d32236a30b8ea8 (patch) | |
| tree | d52495b4c66172b79f6b0b43f4daaf8e309363e7 /package/mbedtls/mbedtls.mk | |
| parent | 1667fe58106aa5bdb63e0c8db2e34c605947464a (diff) | |
| download | buildroot-babc94e9dd4a1a04c4a0befdb6d32236a30b8ea8.tar.gz buildroot-babc94e9dd4a1a04c4a0befdb6d32236a30b8ea8.zip | |
mbedtls: security bump to version 2.7.2
The release announcement mentions these security fixes:
Defend against Bellcore glitch attacks by verifying the results of RSA
private key operations.
Fix implementation of the truncated HMAC extension. The previous
implementation allowed an offline 2^80 brute force attack on the HMAC
key of a single, uninterrupted connection (with no resumption of the
session).
Reject CRLs containing unsupported critical extensions.
Fix a buffer overread in ssl_parse_server_key_exchange() that could
cause a crash on invalid input. (CVE-2018-9988)
Fix a buffer overread in ssl_parse_server_psk_hint() that could cause
a crash on invalid input. (CVE-2018-9989)
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/mbedtls/mbedtls.mk')
| -rw-r--r-- | package/mbedtls/mbedtls.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk index 7c26ea95ee..ca44ee3713 100644 --- a/package/mbedtls/mbedtls.mk +++ b/package/mbedtls/mbedtls.mk @@ -5,7 +5,7 @@ ################################################################################ MBEDTLS_SITE = https://tls.mbed.org/code/releases -MBEDTLS_VERSION = 2.7.0 +MBEDTLS_VERSION = 2.7.2 MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz MBEDTLS_CONF_OPTS = \ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \ |
