Mirror of https://git.openwrt.org/openwrt/openwrt.git, synced 2026-05-04 09:31:26 +02:00
This version fixes some security problems:

* Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873)
* Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
* PSA random generator cloning (CVE-2026-25835)
* Compiler-induced constant-time violations (CVE-2025-66442)
* Null pointer dereference when setting a distinguished name (CVE-2026-34874)
* Buffer overflow in FFDH public key export (CVE-2026-34875)
* FFDH: lack of contributory behaviour due to improper input validation (CVE-2026-34872)
* Signature Algorithm Injection (CVE-2026-25834)
* CCM multipart finish tag-length validation bypass (CVE-2026-34876)
* Risk of insufficient protection of serialized session or context data leading to potential memory safety issues (CVE-2026-34877)
* Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

Size increases by 470 bytes on aarch64:

343995 bin/packages/aarch64_generic/base/libmbedtls21-3.6.5-r1.apk
344465 bin/packages/aarch64_generic/base/libmbedtls21-3.6.6-r1.apk

Link: https://github.com/openwrt/openwrt/pull/22787
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>