4e1b3c6e9f
From the release notes: This release of wolfSSL includes a fix for 1 security vulnerability. Medium level fix for potential cache attack with a variant of Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5 padding information during private key decryption that could lead to a potential padding oracle attack. It is recommended that users update to the latest version of wolfSSL if they have RSA cipher suites enabled and have the potential for malicious software to be ran on the same system that is performing RSA operations. Users that have only ECC cipher suites enabled and are not performing RSA PKCS #1 v1.5 Decryption operations are not vulnerable. Also users with TLS 1.3 only connections are not vulnerable to this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for the report. The paper for further reading on the attack details can be found at http://cat.eyalro.net/cat.pdf Drop now upstreamed patch. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 lines
306 B
Plaintext
7 lines
306 B
Plaintext
# Locally computed:
|
|
sha256 70e4fbeb91284a269b25a84fc526755c670475aee4034a6f237b1f754d108af3 v3.15.7-stable.tar.gz
|
|
|
|
# Hash for license files:
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
|
sha256 74adaaef40b96c71378b6daa3feb8ccd4a1bfd9b76debf3f3f29cf3a0e86c9a0 LICENSING
|