NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/wolfssl: security bump to version 5.5.1

Browse Source 
Denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2e4c0e722f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2022-09-28 23:36:31 +02:00 committed by Peter Korsgaard
parent a9c214f41c
commit 4cd106188a
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/wolfssl/wolfssl.hash
View File

@ -1,5 +1,5 @@
# Locally computed:
sha256 c34b74b5f689fac7becb05583b044e84d3b10d39f38709f0095dd5d423ded67f wolfssl-5.5.0.tar.gz
sha256 97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3 wolfssl-5.5.1.tar.gz
# Hash for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING

2
package/wolfssl/wolfssl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
WOLFSSL_VERSION = 5.5.0
WOLFSSL_VERSION = 5.5.1
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
WOLFSSL_INSTALL_STAGING = YES