This fixes multiple bugs and this security problem:
* CVE-2018-19608 Local timing attack on RSA decryption
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.
This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.
Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
