mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2026-03-14 23:09:45 +01:00
1a8d3ea89c
This release includes fixes for security issues.
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported
with bug-fixes and security fixes until at least March 2027.
The two issues fixed were timing side channels:
* Padding oracle through timing of cipher error reporting
(CVE-2025-59438) [1]
* Side channel in RSA key generation and operations (SSBleed, M-Step)
(CVE-2025-54764) [2]
Bug fixes:
* Fix potential CMake parallel build failure when building both the static and shared libraries.
* Fix a build error or incorrect TLS session lifetime on platforms where mbedtls_time_t is not time_t.
[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5
Tested-by: Edoardo Pinci <epinci@outlook.com>
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20425
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| patches | ||
| Config.in | ||
| Makefile | ||