mbedTLS v2.16.6 Release Notes

Release Date: 2020-04-14
  • Description

    Mbed TLS 2.16.6 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory.

    Security

    • Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya, Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
    • Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message.
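
The release notes do not detail the Hello Verify Request defect, so the following is an added example (not Mbed TLS code and not the actual patch) of length-checked parsing of that message body as laid out in RFC 6347, section 4.2.1. The names `hvr_parse`, `hvr_t` and the `HVR_*` codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DTLS 1.2 HelloVerifyRequest body (RFC 6347, section 4.2.1):
 *   ProtocolVersion server_version;   2 bytes
 *   opaque cookie<0..2^8-1>;          1 length byte + cookie bytes
 */
#define HVR_OK          0
#define HVR_ERR_DECODE (-1)   /* hypothetical error code for this example */

typedef struct {
    uint8_t major, minor;     /* server_version */
    uint8_t cookie[255];      /* largest cookie the 1-byte length allows */
    size_t  cookie_len;
} hvr_t;

/* Parse body[0..len). Every read is preceded by a check against the bytes
 * actually received, so a cookie length larger than the remaining data is
 * rejected instead of being read past the end of the buffer. */
int hvr_parse(const uint8_t *body, size_t len, hvr_t *out)
{
    if (body == NULL || out == NULL)
        return HVR_ERR_DECODE;

    const uint8_t *p = body;
    const uint8_t *end = body + len;

    if ((size_t)(end - p) < 3)            /* version (2) + cookie length (1) */
        return HVR_ERR_DECODE;

    out->major = *p++;
    out->minor = *p++;
    size_t cookie_len = *p++;

    if ((size_t)(end - p) < cookie_len)   /* declared length vs. bytes present */
        return HVR_ERR_DECODE;

    memcpy(out->cookie, p, cookie_len);
    out->cookie_len = cookie_len;
    p += cookie_len;

    /* Trailing bytes after the cookie mean the message is malformed. */
    return (p == end) ? HVR_OK : HVR_ERR_DECODE;
}
```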

    Bugfix

    • Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
    • Fix a function name in a debug message. Contributed by Ercan Ozturk in #3013.

    Who should update

    We recommend that all affected users update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.