[Buildroot] [PATCH] mbedtls: security bump to version 2.7.0
Peter Korsgaard
peter at korsgaard.com
Tue Apr 10 20:47:52 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
> denial of service (buffer overflow) via a crafted certificate chain that
> is mishandled during RSASSA-PSS signature verification within a TLS or
> DTLS session.
> CVE-2018-0488: When the truncated HMAC extension and CBC are used,
> allows remote attackers to execute arbitrary code or cause a denial of
> service (heap corruption) via a crafted application packet within a TLS
> or DTLS session.
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list