
Bug 923279 (CVE-2024-23170, CVE-2024-23775)

Summary: <net-libs/mbedtls-{2.28.7,3.5.2}: multiple vulnerabilities
Product: Gentoo Security
Reporter: Azamat H. Hackimov <azamat.hackimov>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: ajak, azamat.hackimov, dlan
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/35079
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 923409
Bug Blocks:

Description Azamat H. Hackimov 2024-01-29 17:35:49 UTC
CVE-2024-23170 Timing side channel in private key RSA operations.

Mbed TLS is vulnerable to a timing side channel in private key RSA operations. This side channel could be sufficient for an attacker to recover the plaintext. A local attacker or a remote attacker who is close to the victim on the network might have precise enough timing measurements to exploit this. It requires the attacker to send a large number of messages for decryption.

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

CVE-2024-23775 Buffer overflow in mbedtls_x509_set_extension().

When writing x509 extensions we failed to validate inputs passed in to mbedtls_x509_set_extension(), which could result in an integer overflow, causing a zero-length buffer to be allocated to hold the extension. The extension would then be copied into the buffer, causing a heap buffer overflow.

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Resolution: update net-libs/mbedtls to 2.28.7 and 3.5.2.
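To make the CVE-2024-23775 mechanism concrete, here is an added C model (not Mbed TLS's own code) of how an unchecked length wraps to a zero-length allocation and of the bounds check that rejects such input before anything is allocated or copied. It assumes, purely as an illustration, that the extension buffer is sized `val_len + 1` to hold one leading flag byte; `model_set_extension`, `checked_alloc_size` and the error codes are hypothetical names.

```c
/* Illustrative model of the CVE-2024-23775 length handling; not Mbed TLS code.
 * Assumption: the extension value is stored in a buffer of val_len + 1 bytes
 * (one leading flag byte plus the value), so val_len == SIZE_MAX wraps to 0. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ERR_BAD_INPUT_DATA  (-0x2800)  /* placeholder codes, not Mbed TLS's */
#define ERR_ALLOC_FAILED    (-0x2880)

/* The vulnerable pattern: size computed without validation.
 * For val_len == SIZE_MAX this returns 0, the zero-length buffer
 * the advisory describes; a later copy of val_len bytes then overflows it. */
size_t unchecked_alloc_size(size_t val_len)
{
    return val_len + 1;
}

/* Hardened pattern: refuse any length for which val_len + 1 cannot be
 * represented, so the addition below can never wrap. */
int checked_alloc_size(size_t val_len, size_t *out)
{
    if (val_len > SIZE_MAX - 1) {
        return ERR_BAD_INPUT_DATA;
    }
    *out = val_len + 1;
    return 0;
}

/* Model of storing an extension value: allocate and copy only after the
 * size has been validated. On success the caller owns *out_buf. */
int model_set_extension(const unsigned char *val, size_t val_len,
                        unsigned char **out_buf, size_t *out_len)
{
    size_t need;
    int ret = checked_alloc_size(val_len, &need);
    if (ret != 0) {
        return ret;
    }
    unsigned char *buf = calloc(1, need);
    if (buf == NULL) {
        return ERR_ALLOC_FAILED;
    }
    buf[0] = 0x00;                  /* leading flag byte (assumed layout) */
    memcpy(buf + 1, val, val_len);  /* in bounds: buf holds val_len + 1 bytes */
    *out_buf = buf;
    *out_len = need;
    return 0;
}
```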
Comment 1 Larry the Git Cow gentoo-dev 2024-01-31 09:39:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8854f3a3ba8804ac498d25fa3ba419215b18d352

commit 8854f3a3ba8804ac498d25fa3ba419215b18d352
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2024-01-29 17:48:33 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2024-01-31 09:37:45 +0000

    net-libs/mbedtls: drop 2.28.6, 3.5.1
    
    Bug: https://bugs.gentoo.org/923279
    Closes: https://github.com/gentoo/gentoo/pull/35079
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 net-libs/mbedtls/Manifest              |   2 -
 net-libs/mbedtls/mbedtls-2.28.6.ebuild | 104 ---------------------------------
 net-libs/mbedtls/mbedtls-3.5.1.ebuild  |  96 ------------------------------
 3 files changed, 202 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9ee81cf0e4c6b4df223fff5732fba83a019e398

commit a9ee81cf0e4c6b4df223fff5732fba83a019e398
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2024-01-29 17:47:16 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2024-01-31 09:35:52 +0000

    net-libs/mbedtls: add 2.28.7, 3.5.2
    
    Fixes CVE-2024-23170, CVE-2024-23775 issues.
    
    Bug: https://bugs.gentoo.org/923279
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 net-libs/mbedtls/Manifest              |   2 +
 net-libs/mbedtls/mbedtls-2.28.7.ebuild | 104 +++++++++++++++++++++++++++++++++
 net-libs/mbedtls/mbedtls-3.5.2.ebuild  |  96 ++++++++++++++++++++++++++++++
 net-libs/mbedtls/metadata.xml          |   1 +
 4 files changed, 203 insertions(+)
Comment 2 Yixun Lan archtester gentoo-dev 2024-01-31 09:42:55 UTC
Since this is a security bug, please suggest a new candidate for fast stabilization; I'd assume net-libs/mbedtls-2.28.7? Thanks.
Comment 3 Larry the Git Cow gentoo-dev 2024-09-22 07:17:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d21ab1340ca6819c7fd7091b0fd62ce433aa6969

commit d21ab1340ca6819c7fd7091b0fd62ce433aa6969
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 07:17:18 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 07:17:27 +0000

    [ GLSA 202409-14 ] Mbed TLS: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/886001
    Bug: https://bugs.gentoo.org/923279
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)