Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2020-10-03 18:55:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Sat Oct 3 18:55:47 2020 rev:26 rq:838417 version:2.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2020-09-09 17:47:12.170439291 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new.4249/mbedtls.changes 2020-10-03 18:55:59.125514382 +0200 
@@ -1,0 +2,44 @@ +Wed Sep 9 11:24:12 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 2.24.0: + * see https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 + * Fix a vulnerability in the verification of X.509 certificates when matching + the expected common name (the cn argument of mbedtls_x509_crt_verify()) + with the actual certificate name: when the subjecAltName extension is + present, the expected name was compared to any name in that extension + regardless of its type. This means that an attacker could for example + impersonate a 4-bytes or 16-byte domain by getting a certificate for the + corresponding IPv4 or IPv6 (this would require the attacker to control that + IP address, though). Similar attacks using other subjectAltName name types + might be possible. + * When checking X.509 CRLs, a certificate was only considered as revoked if + its revocationDate was in the past according to the local clock if + available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, + certificates were never considered as revoked. On builds with + MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for + example, an untrusted OS attacking a secure enclave) could prevent + revocation of certificates via CRLs. Fixed by no longer checking the + revocationDate field, in accordance with RFC 5280. Reported by yuemonangong + in #3340. Reported independently and fixed by Raoul Strackx and Jethro + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even if + they have access to fine-grained measurements. 
In particular, this fixes a + local Lucky 13 cache attack found and reported by Tuba Yavuz, Farhaan + Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler (University of + Florida) and Dave Tian (Purdue University). + * Fix side channel in RSA private key operations and static (finite-field) + Diffie-Hellman. An adversary with precise enough timing and memory access + information (typically an untrusted operating system attacking a secure + enclave) could bypass an existing counter-measure (base blinding) and + potentially fully recover the private key. + * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). Credit to + OSS-Fuzz for detecting the problem and to Philippe Antoine for pinpointing + the problematic code. + * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused + application data from memory. + +------------------------------------------------------------------- Old: ---- v2.23.0.tar.gz New: ---- v2.24.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.J9nrZK/_old 2020-10-03 18:56:01.329516823 +0200 +++ /var/tmp/diff_new_pack.J9nrZK/_new 2020-10-03 18:56:01.329516823 +0200 @@ -20,7 +20,7 @@ %define lib_crypto libmbedcrypto5 %define lib_x509 libmbedx509-1 Name: mbedtls -Version: 2.23.0 +Version: 2.24.0 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 ++++++ v2.23.0.tar.gz -> v2.24.0.tar.gz ++++++ ++++ 24237 lines of diff (skipped)
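Review bot: in the mbedtls.changes hunk, the CRL revocationDate entry ends mid-sentence ("Reported independently and fixed by Raoul Strackx and Jethro") with no closing name or issue reference, and none of the security fixes listed for 2.24.0 (subjectAltName CN matching, CRL revocationDate handling, Lucky 13 countermeasure, RSA/DH side channel, CRL parser overread) carries a CVE or bsc# reference; complete the credit line from the upstream ChangeLog and add the corresponding bug and CVE references so the update stays traceable from the changelog.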
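Review bot: the mbedtls.spec hunk only bumps Version from 2.23.0 to 2.24.0, while the unchanged context above it still hardcodes the shared-library package names (%define lib_crypto libmbedcrypto5 and %define lib_x509 libmbedx509-1), and the 24237-line tarball diff was skipped; confirm against v2.24.0.tar.gz that the libmbedcrypto and libmbedx509 sonames are unchanged in 2.24.0, otherwise these defines and the subpackages that depend on them need updating in the same request.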
