ALT-PU-2022-7458-1
Package mbedtls updated to version 3.3.0-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-00041
Уязвимость реализации протоколов TLS и SSL программного обеспечения Mbed TLS, позволяющая нарушителю перезаписать данные в буфере памяти и восстановить закрытый RSA-ключ
Modified: 2024-11-21
CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- FEDORA-2023-7456a62f60
- FEDORA-2023-7456a62f60
- FEDORA-2023-3c4a525dcc
- FEDORA-2023-3c4a525dcc
Modified: 2024-11-21
CVE-2022-46393
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- FEDORA-2023-7456a62f60
- FEDORA-2023-7456a62f60
- FEDORA-2023-3c4a525dcc
- FEDORA-2023-3c4a525dcc
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/