mbedtls: fix CVE-2024-28755 and CVE-2024-28836 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-02-05 05:24:22 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-02-09 07:58:36 -0800
commit	b7dc1e8eb72b01595a60367f8fd375625268b8a2 (patch)
tree	ce431e92541ea1a0627beeedec7888278c4659f8 /meta-python/recipes-devtools/python/python3-cachetools
parent	068379172d52f1f119bfb8eecdc77494898ea504 (diff)
download	meta-openembedded-b7dc1e8eb72b01595a60367f8fd375625268b8a2.tar.gz

mbedtls: fix CVE-2024-28755 and CVE-2024-28836

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. fix indent issue in mbedtls_3.5.2.bb file. Reference: https://security-tracker.debian.org/tracker/CVE-2024-28755 https://security-tracker.debian.org/tracker/CVE-2024-28836 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-cachetools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: