hurricos/openwrt-mirror
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2025-10-24 18:44:27 -04:00
Code Issues Projects Releases Wiki Activity
da84eddedb
openwrt-mirror/package/libs
History
Eneas U de Queiroz 1c5cafa3eb openssl: fix low-severity CVE-2023-1255 
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:

Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.

1. https://www.openssl.org/news/secadv/20230420.txt

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-29 12:33:44 +02:00
..
argp-standalone treewide: opt-out of tree-wide LTO usage 2023-03-21 18:28:23 +01:00
elfutils treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
gettext-full gettext-full: update to 0.21.1 2022-10-22 21:10:34 +02:00
gmp treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
jansson treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libaudit treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
libbsd libbsd: fix libpath to not use host path 2022-12-26 13:36:41 +01:00
libcap libcap: update to 2.68 2023-04-08 15:52:56 +02:00
libevent2 treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libiconv-full libiconv-full: add host build 2022-07-17 14:21:03 +02:00
libjson-c libjson-c: disable libbsd 2022-07-04 20:37:41 +02:00
libmd libmd: add library providing message digest functions 2022-09-11 01:30:11 +02:00
libmnl libmnl: add PKG_CPE_ID 2022-09-06 16:36:44 +01:00
libnetfilter-conntrack libnetfilter-conntrack: backport patch fixing compilation with 5.15 2022-03-05 21:05:45 +01:00
libnfnetlink libnfnetlink: add PKG_CPE_ID 2022-09-06 16:36:45 +01:00
libnftnl treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libnl treewide: add support for "gc-sections" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
libnl-tiny libnl-tiny: update to the latest version 2023-04-02 02:25:16 +02:00
libpcap libpcap: update to 1.10.4 2023-04-22 02:35:19 +02:00
libselinux libselinux: add PKG_CPE_ID 2022-09-06 16:36:48 +01:00
libsemanage libsemanage: update to version 3.3 2021-10-28 22:15:02 +01:00
libsepol libsepol: add PKG_CPE_ID 2022-09-06 16:36:48 +01:00
libtool libtool: update to 2.4.7 2022-07-10 19:07:47 +02:00
libtraceevent libtraceevent: update to 1.7.2 2023-04-01 22:02:24 +02:00
libtracefs libtracefs: update to 1.6.4 2023-01-13 22:02:20 +01:00
libubox libubox: update to the latest version 2022-10-14 13:12:23 +02:00
libunwind libunwind: update to 1.6.2 2022-09-07 04:22:40 +01:00
libusb packages: libusb: add package 'fxload' (from libusb examples) 2022-09-17 00:44:08 +01:00
mbedtls mbedtls: Update to version 2.28.3 2023-04-10 13:36:26 +02:00
musl-fts musl-fts: remove shared libraries from host 2022-03-27 14:38:13 +02:00
ncurses ncurses: add alacritty terminfo 2023-02-26 01:12:02 +01:00
nettle treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16 2023-03-21 18:28:22 +01:00
openssl openssl: fix low-severity CVE-2023-1255 2023-04-29 12:33:44 +02:00
pcre pcre: pass -fPIC under host as well 2022-04-16 14:02:11 +02:00
popt popt: update to 1.19 2022-10-02 20:22:54 +02:00
readline readline: update to 8.2 2022-10-23 18:16:22 +02:00
sysfsutils sysfsutils: Define START early in file 2022-09-26 17:58:32 +01:00
toolchain toolchain: reproducible libstdcpp 2022-04-01 12:54:58 +01:00
uclient uclient: update to Git version 2023-04-13 2023-04-13 20:51:05 +02:00
ustream-ssl ustream-ssl: update to Git version 2023-02-25 2023-02-25 18:37:26 +01:00
wolfssl treewide: add support for "lto" in PKG_BUILD_FLAGS 2023-03-21 18:28:22 +01:00
zlib zlib: update to 1.2.13 2022-11-13 20:47:57 +01:00