2.28.1 changelog has:
" * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap.
 * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak.
 * Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team."

3.2.0 changelog has:
" * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap.
 * Fix potential memory leak inside mbedtls_ssl_cache_set() with an invalid session id length.
 * Add the platform function mbedtls_setbuf() to allow buffering to be disabled on stdio files, to stop secrets loaded from said files being potentially left in memory after file operations. Reported by Glenn Strauss.
 * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak.
 * Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team.
 * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated client or server could cause an MbedTLS server or client to overread up to 64 kBytes of data and potentially overread the input buffer by that amount minus the size of the input buffer. As overread data undergoes various checks, the likelihood of reaching the boundary of the input buffer is rather small but increases as its size MBEDTLS_SSL_IN_CONTENT_LEN decreases.
 * Fix check of certificate key usage in TLS 1.3. The usage of the public key provided by a client or server certificate for authentication was not checked properly when validating the certificate. This could cause a client or server to be able to authenticate itself through a certificate to an Mbed TLS TLS 1.3 server or client while it does not own a proper certificate to do so."

Please bump to 2.28.1 and 3.2.0. No release for the 2.16 line yet, is it not vulnerable or is it almost time to drop it?
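Two of the quoted changelog items describe the same hygiene pattern for secret material on the application side: scrub a heap buffer before free() (the PSA key storage fix) and disable stdio buffering before reading a key file so no stray copy remains in the FILE's internal buffer (the mbedtls_setbuf() item). The C below is an added illustration written for this page, not Mbed TLS code and not part of the bug report; it uses plain libc instead of the library, so secure_zeroize(), write_constructed_secret(), read_secret_unbuffered() and the /tmp path are all assumptions of the example. In a real application the library's own mbedtls_platform_zeroize() and mbedtls_setbuf() would take the place of secure_zeroize() and setbuf().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for mbedtls_platform_zeroize(): write zeros through a
 * volatile pointer so the compiler cannot drop the stores as dead merely
 * because the buffer is freed right afterwards (a plain memset() may be). */
void secure_zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *) buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns 1 when every byte of buf is zero, 0 otherwise. */
int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Constructed sample input: write a 32-byte fake key to `path` so the example
 * runs offline. The bytes are a counter pattern, not real key material.
 * Returns 1 on success, 0 on failure. */
int write_constructed_secret(const char *path)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char) (0xA0 + i);
    }
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) {
        return 0;
    }
    size_t n = fwrite(key, 1, sizeof key, fp);
    secure_zeroize(key, sizeof key);          /* scrub the stack copy too */
    return fclose(fp) == 0 && n == sizeof key;
}

/* Load a secret the way the 3.2.0 changelog describes: switch the stream to
 * unbuffered mode before the first read so the key never lands in the FILE
 * object's internal buffer, copy it into a heap buffer, use it, then zeroize
 * that buffer before free(). Returns the number of secret bytes read, or -1. */
long read_secret_unbuffered(const char *path, size_t max_len)
{
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) {
        return -1;
    }
    /* Must be called before any I/O on the stream; mbedtls_setbuf() has the
     * same rule as setbuf(). */
    setbuf(fp, NULL);

    unsigned char *secret = malloc(max_len);
    if (secret == NULL) {
        fclose(fp);
        return -1;
    }
    size_t n = fread(secret, 1, max_len, fp);
    fclose(fp);

    /* ... the key would be consumed here, e.g. imported into a PSA key slot ... */

    /* Scrub before releasing so the key does not survive in freed heap. */
    secure_zeroize(secret, max_len);
    int scrubbed = is_all_zero(secret, max_len);
    free(secret);

    return scrubbed ? (long) n : -1;
}

int main(void)
{
    const char *path = "/tmp/mbedtls_example_secret.bin";   /* assumed writable */
    if (!write_constructed_secret(path)) {
        return 1;
    }
    long n = read_secret_unbuffered(path, 64);
    remove(path);
    printf("read %ld secret bytes; heap buffer scrubbed before free\n", n);
    return n == 32 ? 0 : 1;
}
```

The check via is_all_zero() is done before free() on purpose: reading the buffer after free() is undefined behaviour, so the only defensible assertion is that the scrub happened while the allocation was still live.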
Please stable when ready.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd5757f5a0345848cb1d73abdae2e81e388c101e

commit fd5757f5a0345848cb1d73abdae2e81e388c101e
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-12-21 08:07:00 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-12-22 20:03:40 +0000

net-libs/mbedtls: drop 2.16.12, 2.28.0-r1

Bug: https://bugs.gentoo.org/857813
Closes: https://bugs.gentoo.org/887519
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/mbedtls/Manifest                 |   2 -
 net-libs/mbedtls/mbedtls-2.16.12.ebuild   | 101 -----------------------------
 net-libs/mbedtls/mbedtls-2.28.0-r1.ebuild | 102 ------------------------------
 3 files changed, 205 deletions(-)
GLSA request filed.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=f524f5fa47d9d739280d4530623a93084918da39

commit f524f5fa47d9d739280d4530623a93084918da39
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:19:06 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:06 +0000

[ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/730752
Bug: https://bugs.gentoo.org/740108
Bug: https://bugs.gentoo.org/764317
Bug: https://bugs.gentoo.org/778254
Bug: https://bugs.gentoo.org/801376
Bug: https://bugs.gentoo.org/829660
Bug: https://bugs.gentoo.org/857813
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
GLSA released, all done!