- Library package version bumped to libmbedtls12

- Update to version 2.14.1: [bsc#1118727, CVE-2018-19608]
  Security
   * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
     decryption that could lead to a Bleichenbacher-style padding oracle
     attack. In TLS, this affects servers that accept ciphersuites based on
     RSA decryption (i.e. ciphersuites whose name contains RSA but not
     (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute),  Robert Gillham
     (University of Adelaide), Daniel Genkin (University of Michigan),
     Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
     (University of Adelaide, Data61). The attack is described in more detail
     in the paper available here: http://cat.eyalro.net/cat.pdf  CVE-2018-19608
   * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
     via branching and memory access patterns. An attacker who could submit
     a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
     of the decryption and not its result could nonetheless decrypt RSA
     plaintexts and forge RSA signatures. Other asymmetric algorithms may
     have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
     Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
   * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
     modules.
  API Changes
   * The new functions mbedtls_ctr_drbg_update_ret() and
     mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
     and mbedtls_hmac_drbg_update() respectively, but the new functions
     report errors whereas the old functions return void. We recommend that
     applications use the new functions.
- Version 2.14.0:
  Security

• Files Changed
• Browse Source