Maintenance releases for Mbed TLS 2.16 and Mbed TLS 2.7 are now available.
These releases bring fixes for a security issue, as described in more detail in our security advisory.
- (2.16) Fix potential memory overread when performing an ECDSA signature operation. The overread only happens with cryptographically low probability (of the order of 2^-n where n is the bitsize of the curve) unless the RNG is broken, and could result in information disclosure or denial of service (application crash or extra resource consumption). Found by Auke Zeilstra and Peter Schwabe, using static analysis.
- (2.16, 2.7) To avoid a side channel vulnerability when parsing an RSA private key, read all the CRT parameters from the DER structure rather than reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob Brumley. Reported and fix contributed by Jack Lloyd.
- (2.16, 2.7) Fix an unchecked call to mbedtls_md() in the x509write module.
- (2.16, 2.7) Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys that would later be rejected by functions expecting private keys. Found by Catena cyber using oss-fuzz (issue 20467).
- (2.16, 2.7) Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys with invalid values by silently fixing those values.
Who should update
We recommend that all affected users update, at an appropriate point in their development lifecycle, to take advantage of the bug fixes contained in this release.
Get your copy here:
The hashes for mbedtls-2.16.5-apache.tgz are:
SHA-1: c36962183e05467aa1dadafcaacf90216a737866 SHA-256: 65b4c6cec83e048fd1c675e9a29a394ea30ad0371d37b5742453f74084e7b04d
The hashes for mbedtls-2.16.5-gpl.tgz are:
SHA-1: 4fe2c2a93ce0fbc47a210b0a9e0e3b5c20ba32f7 SHA-256: 6ebdea6565c714f1315b9af6a802afb4b4e89976f7d5d2b15aa8028eb52e7d09
The hashes for mbedtls-2.7.14-apache.tgz are:
SHA-1: acc850069d38ce21c029358d7eb9d14691d7fc0a SHA-256: 9a8ff432b3dcd89c74770d914e28765e3faaea4206f7cc98b02a075994c5090f
The hashes for mbedtls-2.7.14-gpl.tgz are:
SHA-1: e21987c5694da03c596a2920b5aa70c095f262fe SHA-256: e0676ea78c6bdf6eb3b11a62ccad9d81d9131ecf117586bffe1985de966e3e2f
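One way to check a downloaded tarball against the SHA-256 values listed above, as an added example that is not part of the original announcement. The function names are hypothetical, and it assumes `sha256sum` or `shasum` is installed.

```shell
# Added example: check an Mbed TLS tarball against the SHA-256 values
# published in the announcement. Function names are hypothetical.

# SHA-256 values copied from the announcement, keyed by file name.
published_sha256() {
    case "$1" in
        mbedtls-2.16.5-apache.tgz) echo 65b4c6cec83e048fd1c675e9a29a394ea30ad0371d37b5742453f74084e7b04d ;;
        mbedtls-2.16.5-gpl.tgz)    echo 6ebdea6565c714f1315b9af6a802afb4b4e89976f7d5d2b15aa8028eb52e7d09 ;;
        mbedtls-2.7.14-apache.tgz) echo 9a8ff432b3dcd89c74770d914e28765e3faaea4206f7cc98b02a075994c5090f ;;
        mbedtls-2.7.14-gpl.tgz)    echo e0676ea78c6bdf6eb3b11a62ccad9d81d9131ecf117586bffe1985de966e3e2f ;;
        *) return 1 ;;
    esac
}

# Hash via stdin so the tool never echoes (or escapes) the file name.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d ' ' -f 1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d ' ' -f 1
    else
        echo "no SHA-256 tool found" >&2; return 2
    fi
}

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = cannot check.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Refuse truncated or mistyped digests rather than comparing them.
    case "$expected" in *[!0-9a-f]*) expected= ;; esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file (got $actual)" >&2
        return 1
    fi
}

# verify_release FILE: look up the published value by file name (3 = unknown).
verify_release() {
    expected=$(published_sha256 "$(basename "$1")") || {
        echo "no published hash for $(basename "$1")" >&2; return 3; }
    verify_sha256 "$1" "$expected"
}

if [ "$#" -gt 0 ]; then verify_release "$1"; fi
```

Run it as `sh verify.sh mbedtls-2.16.5-apache.tgz` (the script name is an assumption) and unpack only when it prints `OK`.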