Assemble Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
parent
0d57f1034e
commit
6ba416968b
3 changed files with 15 additions and 16 deletions
15
ChangeLog
|
@ -1,5 +1,20 @@
|
|||
Mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= Mbed TLS 3.5.2 branch released 2024-01-26
|
||||
|
||||
Security
|
||||
* Fix a timing side channel in private key RSA operations. This side channel
|
||||
could be sufficient for an attacker to recover the plaintext. A local
|
||||
attacker or a remote attacker who is close to the victim on the network
|
||||
might have precise enough timing measurements to exploit this. It requires
|
||||
the attacker to send a large number of messages for decryption. For
|
||||
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
|
||||
by Hubert Kario, Red Hat.
|
||||
* Fix a failure to validate input when writing x509 extensions lengths which
|
||||
could result in an integer overflow, causing a zero-length buffer to be
|
||||
allocated to hold the extension. The extension would then be copied into
|
||||
the buffer, causing a heap buffer overflow.
|
||||
|
||||
= Mbed TLS 3.5.1 branch released 2023-11-06
|
||||
|
||||
Changes
|
||||
|
|
|
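Review bot: the second Security bullet under 3.5.2 ("Fix a failure to validate input when writing x509 extensions lengths ...") does not say which write function is affected or whether the extension length can be attacker-controlled, so a reader cannot judge exposure from the ChangeLog alone. Unlike the RSA timing entry above it, it also credits no reporter, and neither entry carries an advisory identifier. Suggest naming the affected API, adding the identifiers if any have been assigned, and rewording "x509 extensions lengths" as "X.509 extension lengths".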
@ -1,8 +0,0 @@
|
|||
Security
|
||||
* Fix a timing side channel in private key RSA operations. This side channel
|
||||
could be sufficient for an attacker to recover the plaintext. A local
|
||||
attacker or a remote attacker who is close to the victim on the network
|
||||
might have precise enough timing measurements to exploit this. It requires
|
||||
the attacker to send a large number of messages for decryption. For
|
||||
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
|
||||
by Hubert Kario, Red Hat.
|
|
@ -1,8 +0,0 @@
|
|||
Security
|
||||
* Fix a failure to validate input when writing x509 extensions lengths which
|
||||
could result in an integer overflow, causing a zero-length buffer to be
|
||||
allocated to hold the extension. The extension would then be copied into
|
||||
the buffer, causing a heap buffer overflow.
|
||||
|
||||
|
||||
|