Maintenance releases for Mbed TLS 2.16 and Mbed TLS 2.7 are now available.
These releases bring fixes for a security issue, as described in more detail in our security advisory.
- (2.16, 2.7) Fix a side channel in the ECC code that allowed an adversary with access to sufficiently precise timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya, Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932.
- (2.16, 2.7) Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message.
- (2.7) Fix a bug in DTLS handling of new associations with the same parameters (RFC 6347 section 4.2.8): after sending its HelloVerifyRequest, the server would end up with corrupted state and only send invalid records to the client. An attacker able to send forged UDP packets to the server could use this to cause a denial of service. This could only happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h (which it is by default).
- (2.16, 2.7) Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
- (2.16, 2.7) Fix a function name in a debug message. Contributed by Ercan Ozturk.
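To illustrate the class of bug behind the DTLS client overread item above, here is an added example (not Mbed TLS code; this page does not detail the actual defect) of the bounds checks a Hello Verify Request parser needs. `hvr_t` and `hvr_parse` are hypothetical names, and the message layout is taken from RFC 6347 section 4.2.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HVR_MAX_COOKIE 255 /* opaque cookie<0..2^8-1>, RFC 6347 section 4.2.1 */

/* Hypothetical result type for this example; not an Mbed TLS structure. */
typedef struct {
    uint8_t major, minor;            /* server_version */
    uint8_t cookie[HVR_MAX_COOKIE];
    size_t cookie_len;
} hvr_t;

/* Parse a HelloVerifyRequest body (handshake header already removed):
 * 2 bytes server_version, 1 byte cookie length, then the cookie.
 * Returns 0 on success, -1 on malformed input. */
int hvr_parse(const uint8_t *buf, size_t len, hvr_t *out)
{
    size_t cookie_len;

    if (buf == NULL || out == NULL)
        return -1;
    /* The fixed part must be present before any byte of it is read. */
    if (len < 3)
        return -1;
    out->major = buf[0];
    out->minor = buf[1];
    cookie_len = buf[2];
    /* The length byte comes from the peer: check it against the bytes
     * actually received. An exact match also rejects trailing data. */
    if (cookie_len != len - 3)
        return -1;
    memcpy(out->cookie, buf + 3, cookie_len);
    out->cookie_len = cookie_len;
    return 0;
}

int main(void)
{
    /* Constructed samples: a well-formed body, and one whose length byte
     * claims 32 cookie bytes when only 2 follow. */
    const uint8_t good[] = { 0xfe, 0xfd, 0x04, 0xde, 0xad, 0xbe, 0xef };
    const uint8_t lying[] = { 0xfe, 0xfd, 0x20, 0x01, 0x02 };
    hvr_t h;

    printf("good:  %d\n", hvr_parse(good, sizeof good, &h));
    printf("lying: %d\n", hvr_parse(lying, sizeof lying, &h));
    return 0;
}
```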
Who should update
We recommend that all affected users update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Get your copy here:
The hashes for mbedtls-2.16.6-apache.tgz are:
SHA-1: 3cb5b681597a5bd798d31038c129c0dc911d8a2c
SHA-256: 66455e23a6190a30142cdc1113f7418158839331a9d8e6b0778631d077281770
The hashes for mbedtls-2.16.6-gpl.tgz are:
SHA-1: 9fe0f25207a4ab019553d6e43f8fd51b76d668e4
SHA-256: 80a484df42f32dbe95665cd4b18ce0dd14b6c67dfd561d36d1475802e41eb3ed
The hashes for mbedtls-2.7.15-apache.tgz are:
SHA-1: 671ee4989f54ff79762b54af1e3232a45cbf1b50
SHA-256: de5f68060f70300ea5957a636e960e06c60cb0ec49557aafb9e578e0f1da3e0d
The hashes for mbedtls-2.7.15-gpl.tgz are:
SHA-1: 107cf4dc7882b5d33a405b188bd7ec3f6c1bdd87
SHA-256: 174871a86851be5136e83ba0b30563af54ec82a6ce534d73d248c450f1eb9cee