维护版本 mbed TLS 2.1.2/1.3.14, 和 PolarSSL 1.2.17 发布,这些版本主要修复一个远程可利用漏洞,修复了其他漏洞和一些 bug。
安全
Guido Vranken 发现并报告了 8 个潜在的漏洞,现已修复。最重要的漏洞描述请看mbed TLS security advisory 2015-01,这个漏洞可以造成在一个客户端使用基于 ticket 的会话恢复连接到恶意服务器时可以远程执行代码。
其他修复:
- Potential double-free if
mbedtls_ssl_set_hs_psk() is called more than once in the same handshake and mbedtls_ssl_conf_psk() was used
- Stack buffer overflow in PKCS12 decryption (used by
mbedtls_pk_parse_key(file)()) when the password is > 129 bytes
- Potential buffer overflow in
mbedtls_mpi_read_string(). This is not exploitable remotely in the context of TLS, but it may be in other protocols. On 32 bit machines, this would require reading a string of close to or larger than 1GB of data to exploit; on 64 bit machines, it would require reading a string of close to or larger than 2^62 bytes
- Potential random memory allocation in
mbedtls_pem_read_buffer() on crafted PEM input data. Triggerable remotely if you accept PEM data from an untrusted source
- Potential heap buffer overflow in
base64_encode() when the input buffer is 512MB or larger on 32-bit platforms
- Potential double-free if
mbedtls_conf_psk() is called repeatedly on the samembedtls_ssl_config object and memory allocation fails
- Potential heap buffer overflow in servers that perform client authentication against a crafted CA cert. Cannot be triggered remotely unless you allow third parties to pick trust CAs for client auth
2 个构建错误修复:one when building net.c with the musl C library, the other when building with MSVC in C++ mode.
下载:
更多内容请看发行说明。
相关文章
