Merge remote-tracking branch 'restricted/pr/516' into development

2026-01-04 13:45:05 +01:00 · 2018-11-29 16:53:51 +00:00 · 2018-11-29 16:53:51 +00:00 · 658618b6b2
commit 658618b6b2
parent 556d7d9e3b 4899247bf2
4 changed files with 444 additions and 44 deletions
--- a/9
+++ b/9
@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS 2.xx.x branch released xxxx-xx-xx
+
+Security
+   * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
+     decryption that could lead to a Bleichenbacher-style padding oracle
+     attack. In TLS, this affects RSA-based ciphersuites without DHE or
+     ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
+     Daniel Genkin.
+
 = mbed TLS 2.14.0 branch released 2018-11-19

 Security