diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2024-07-15 01:06:38 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2024-07-16 00:25:54 +0200 |
commit | 591b7e93d316ca1d6812cac179dae9200aeca07b (patch) | |
tree | 9c5328aa4284d1ba7e6cb4bf2c3eee1981b78391 /target/linux/ath79/dts/ar7241_ubnt_rocket-m.dts | |
parent | d5ba3ca35c4a5f7012dee0d0eb85b556642e17c5 (diff) | |
download | openwrt-591b7e93d316ca1d6812cac179dae9200aeca07b.tar.gz openwrt-591b7e93d316ca1d6812cac179dae9200aeca07b.tar.bz2 openwrt-591b7e93d316ca1d6812cac179dae9200aeca07b.zip |
wolfssl: Update to version 5.7.2
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3a0232ffd33f2dc894c671d90de6b2766399f4dc)
Diffstat (limited to 'target/linux/ath79/dts/ar7241_ubnt_rocket-m.dts')
0 files changed, 0 insertions, 0 deletions