NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
638b1422c6
kumquat-buildroot/package/wolfssl/wolfssl.hash
Fabrice Fontaine cd82a913d4 package/wolfssl: security bump to version 5.4.0 
Fix the following vulnerabilities:
 - [High] Potential for DTLS DoS attack. In wolfSSL versions before
   5.4.0 the return-routability check is wrongly skipped in a specific
   edge case. The check on the return-routability is there for stopping
   attacks that either consume excessive resources on the server, or try
   to use the server as an amplifier sending an excessive amount of
   messages to a victim IP. If using DTLS 1.0/1.2 on the server side
   users should update to avoid the potential DoS attack. CVE-2022-34293
 - [Medium] Ciphertext side channel attack on ECC and DH operations.
   Users on systems where rogue agents can monitor memory use should
   update the version of wolfSSL and change private ECC keys.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
https://www.wolfssl.com/docs/security-vulnerabilities/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-08-08 22:48:17 +02:00

7 lines
308 B
Plaintext
Raw Blame History

# Locally computed:
sha256 dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b wolfssl-5.4.0.tar.gz
# Hash for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 b23c1da1f85d699d3288d73c952b4cd02760d23dc1ddc1b221cbb8be82387189 LICENSING
Reference in New Issue View Git Blame Copy Permalink