mirror/openwrt
1
0
Fork 0
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2024-10-20 22:48:10 +02:00
Code Issues
ab8ead3e2d
openwrt/package/libs
History
Eneas U de Queiroz 1c5cafa3eb openssl: fix low-severity CVE-2023-1255 
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:

Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.

1. https://www.openssl.org/news/secadv/20230420.txt

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-29 12:33:44 +02:00
..
argp-standalone treewide: opt-out of tree-wide LTO usage 2023-03-21 18:28:23 +01:00
elfutils treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
gettext-full
gmp treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
jansson treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libaudit treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
libbsd libbsd: fix libpath to not use host path 2022-12-26 13:36:41 +01:00
libcap libcap: update to 2.68 2023-04-08 15:52:56 +02:00
libevent2 treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libiconv-full
libjson-c
libmd
libmnl
libnetfilter-conntrack
libnfnetlink
libnftnl treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libnl treewide: add support for "gc-sections" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libnl-tiny libnl-tiny: update to the latest version 2023-04-02 02:25:16 +02:00
libpcap libpcap: update to 1.10.4 2023-04-22 02:35:19 +02:00
libselinux
libsemanage
libsepol
libtool
libtraceevent libtraceevent: update to 1.7.2 2023-04-01 22:02:24 +02:00
libtracefs libtracefs: update to 1.6.4 2023-01-13 22:02:20 +01:00
libubox
libunwind
libusb
mbedtls mbedtls: Update to version 2.28.3 2023-04-10 13:36:26 +02:00
musl-fts
ncurses ncurses: add alacritty terminfo 2023-02-26 01:12:02 +01:00
nettle treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
openssl openssl: fix low-severity CVE-2023-1255 2023-04-29 12:33:44 +02:00
pcre
popt
readline
sysfsutils
toolchain
uclient uclient: update to Git version 2023-04-13 2023-04-13 20:51:05 +02:00
ustream-ssl ustream-ssl: update to Git version 2023-02-25 2023-02-25 18:37:26 +01:00
wolfssl treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
zlib