Forum
mbed TLS 2.3.0, 2.1.5 and 1.3.17 released
Peter
11 July 2016, 17:05
Does Hiawatha need to be updated to the new version of mbed TLS?
The new release "addresses three security issues, two of which are not exploitable remotely". Which means one is remotely exploitable:
* (2.3, 2.1, 1.3) Fixed missing padding length check required by PKCS1 v2.2 in mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
The new release "addresses three security issues, two of which are not exploitable remotely". Which means one is remotely exploitable:
* (2.3, 2.1, 1.3) Fixed missing padding length check required by PKCS1 v2.2 in mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
