package/wolfssl: security bump to version 5.5.1 (2e4c0e72) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 2e4c0e72 authored Sep 28, 2022 by Fabrice Fontaine Committed by Yann E. MORIN Oct 01, 2022

package/wolfssl: security bump to version 5.5.1

Denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent 8898523d

Hide whitespace changes

Inline Side-by-side

Please register or to comment