[Buildroot] [git commit] package/wolfssl: security bump to version 5.4.0
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Aug 8 20:48:17 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=cd82a913d420458007bb43460fb6a7281f963771
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fix the following vulnerabilities:

- [High] Potential for DTLS DoS attack. In wolfSSL versions before
  5.4.0 the return-routability check is wrongly skipped in a specific
  edge case. The check on the return-routability is there for stopping
  attacks that either consume excessive resources on the server, or try
  to use the server as an amplifier sending an excessive amount of
  messages to a victim IP. If using DTLS 1.0/1.2 on the server side
  users should update to avoid the potential DoS attack. CVE-2022-34293

- [Medium] Ciphertext side channel attack on ECC and DH operations.
  Users on systems where rogue agents can monitor memory use should
  update the version of wolfSSL and change private ECC keys.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
https://www.wolfssl.com/docs/security-vulnerabilities/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
package/wolfssl/wolfssl.hash | 2 +-
package/wolfssl/wolfssl.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
index 63eebf93bb..01b21596e7 100644
--- a/package/wolfssl/wolfssl.hash
+++ b/package/wolfssl/wolfssl.hash
@@ -1,5 +1,5 @@
# Locally computed:
-sha256 409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05 wolfssl-5.2.0.tar.gz
+sha256 dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b wolfssl-5.4.0.tar.gz
# Hash for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
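
Review bot: the new digest on the `+sha256 ... wolfssl-5.4.0.tar.gz` line sits under "# Locally computed:", so nothing in the patch ties it to a value published upstream. Since wolfssl.mk fetches through the github helper, an independent second download and sha256sum of the v5.4.0-stable archive before merging would confirm it. The COPYING hash is left unchanged, which is correct only if the license file is byte-identical in 5.4.0; a `make legal-info` run would confirm that.
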
diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
index 58b6f296ab..536fd863fe 100644
--- a/package/wolfssl/wolfssl.mk
+++ b/package/wolfssl/wolfssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WOLFSSL_VERSION = 5.2.0
+WOLFSSL_VERSION = 5.4.0
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
WOLFSSL_INSTALL_STAGING = YES
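
Review bot: `WOLFSSL_VERSION` goes from 5.2.0 directly to 5.4.0, but the commit message covers only the fixes listed for 5.4.0. Please check the upstream notes for anything released in between and mention any security fixes or behaviour changes from it in the commit message, so that whoever backports this to a stable branch can judge the full delta.
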