Date: Mon, 24 Feb 2020 17:21:37 +0000 (UTC) From: Tijl Coosemans <tijl@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r527003 - head/security/vuxml Message-ID: <202002241721.01OHLbrJ057238@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tijl Date: Mon Feb 24 17:21:36 2020 New Revision: 527003 URL: https://svnweb.freebsd.org/changeset/ports/527003 Log: Document Mbed TLS vulnerabilities 2019-12 and 2020-02. Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Feb 24 17:13:34 2020 (r527002) +++ head/security/vuxml/vuln.xml Mon Feb 24 17:21:36 2020 (r527003) @@ -58,6 +58,69 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="056ea107-5729-11ea-a2f3-001cc0382b2f"> + <topic>Mbed TLS -- Cache attack against RSA key import in SGX</topic> + <affects> + <package> + <name>mbedtls</name> + <range><lt>2.16.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Janos Follath reports:</p> + <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02">; + <p>If Mbed TLS is running in an SGX enclave and the adversary has + control of the main operating system, they can launch a side + channel attack to recover the RSA private key when it is being + imported.</p> + <p>The attack only requires access to fine grained measurements to + cache usage. Therefore the attack might be applicable to a scenario + where Mbed TLS is running in TrustZone secure world and the + attacker controls the normal world or possibly when Mbed TLS is + part of a hypervisor and the adversary has full control of a guest + OS.</p> + </blockquote> + </body> + </description> + <references> + <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02</url>; + </references> + <dates> + <discovery>2020-02-18</discovery> + <entry>2020-02-24</entry> + </dates> + </vuln> + + <vuln vid="b70b880f-5727-11ea-a2f3-001cc0382b2f"> + <topic>Mbed TLS -- Side channel attack on ECDSA</topic> + <affects> + <package> + <name>mbedtls</name> + <range><lt>2.16.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Janos Follath reports:</p> + <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12">; + <p>Our bignum implementation is not constant time/constant trace, so + side channel attacks can retrieve the blinded value, factor it (as + it is smaller than RSA keys and not guaranteed to have only large + prime factors), and then, by brute force, recover the key.</p> + </blockquote> + </body> + </description> + <references> + <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12</url>; + <cvename>CVE-2019-18222</cvename> + </references> + <dates> + <discovery>2019-10-25</discovery> + <entry>2020-02-24</entry> + </dates> + </vuln> + <vuln vid="8e3f1812-54d9-11ea-8d49-d4c9ef517024"> <topic>WeeChat -- Multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002241721.01OHLbrJ057238>