This website requires JavaScript.
Explore
Help
Sign In
pool
/
mbedtls
SHA256
Watch
2
Star
0
Fork
1
You've already forked mbedtls
Code
Issues
Pull Requests
Actions
Packages
Projects
Releases
Wiki
Activity
4f3728d555
mbedtls
/
baselibs.conf
4 lines
42 B
Plaintext
Raw
Normal View
History
Unescape
Escape
Accepting request 657220 from home:pmonrealgonzalez:branches:security:tls - Library package version bumped to libmbedtls12 - Update to version 2.14.1: [bsc#1118727, CVE-2018-19608] Security * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide, Data61). The attack is described in more detail in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 * In mbedtls_mpi_write_binary(), don't leak the exact size of the number via branching and memory access patterns. An attacker who could submit a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing of the decryption and not its result could nonetheless decrypt RSA plaintexts and forge RSA signatures. Other asymmetric algorithms may have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules. API Changes * The new functions mbedtls_ctr_drbg_update_ret() and mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update() and mbedtls_hmac_drbg_update() respectively, but the new functions report errors whereas the old functions return void. We recommend that applications use the new functions. - Version 2.14.0: Security OBS-URL: https://build.opensuse.org/request/show/657220 OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=4
2018-12-11 16:42:05 +01:00
libmbedtls12
Accepting request 423405 from devel:libraries:c_c++ - Merge changes from home:X0F:HSF - Add mbedtls_fix522.patch which fixes building of dpendant libraries - Update description - Split shared libraries to subpackages - update to 2.3.0: * adding libmbedcrypto, libmbedx509 * headers moved to /usr/include/mbedtls * remove compatibility symlink * source compatibility header /usr/include/mbedtls/compat-1.3.h * Use primary upstream license (Apache-2.0) OBS-URL: https://build.opensuse.org/request/show/423405 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=9
2016-09-30 15:22:53 +02:00
libmbedx509-0
Accepting request 621852 from devel:libraries:c_c++ OBS-URL: https://build.opensuse.org/request/show/621852 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=17
2018-07-13 10:19:30 +02:00
libmbedcrypto3
Reference in New Issue
Copy Permalink
