SB2024090451 - Fedora 41 update for mbedtls
Published: September 4, 2024
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Insufficient Technical Documentation (CVE-ID: CVE-2024-45157)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in product documentation. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
2) Stack-based buffer overflow (CVE-ID: CVE-2024-45158)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() functions when the bits parameter is larger than the largest supported curve and PSA is disabled. A remote attacker can send specially crafted packets to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
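A bounded raw-to-DER converter, as an added example that is not mbedtls code: it encodes a raw r||s ECDSA signature as DER and rejects a bits value larger than the largest supported curve before any fixed-size stack buffer is written, which is the kind of check whose absence the bulletin describes. The 521-bit ceiling and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CURVE_BITS 521  /* assumption: largest curve this build supports */

/* Write one DER INTEGER for a big-endian unsigned value.
 * Returns bytes written, or 0 if it does not fit. */
static size_t der_int(const uint8_t *v, size_t n, uint8_t *out, size_t cap) {
    while (n > 1 && v[0] == 0) { v++; n--; }   /* drop redundant leading zeros */
    size_t pad = (v[0] & 0x80) ? 1 : 0;        /* keep the INTEGER positive */
    size_t len = n + pad;
    if (len > 127 || cap < 2 + len) return 0;
    out[0] = 0x02; out[1] = (uint8_t)len;
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + len;
}

/* Encode raw r||s (each (bits+7)/8 bytes) as SEQUENCE { INTEGER r, INTEGER s }.
 * Returns DER length, or 0 when bits is unsupported or a buffer is too small. */
size_t ecdsa_raw_to_der(const uint8_t *raw, size_t raw_len, size_t bits,
                        uint8_t *der, size_t der_cap) {
    if (bits == 0 || bits > MAX_CURVE_BITS) return 0;  /* bound the stack buffer below */
    size_t clen = (bits + 7) / 8;
    if (raw_len != 2 * clen) return 0;
    uint8_t body[2 * (2 + 1 + (MAX_CURVE_BITS + 7) / 8)];  /* sized for MAX_CURVE_BITS */
    size_t rl = der_int(raw, clen, body, sizeof body);
    if (rl == 0) return 0;
    size_t sl = der_int(raw + clen, clen, body + rl, sizeof body - rl);
    if (sl == 0) return 0;
    size_t blen = rl + sl, hdr = blen > 127 ? 3 : 2;    /* long-form length if needed */
    if (der_cap < hdr + blen) return 0;
    der[0] = 0x30;
    if (hdr == 3) { der[1] = 0x81; der[2] = (uint8_t)blen; } else der[1] = (uint8_t)blen;
    memcpy(der + hdr, body, blen);
    return hdr + blen;
}

/* Constructed P-256-sized sample: r has its high bit set (needs a pad byte),
 * s carries a leading zero byte (stripped). Returns the DER length. */
size_t demo_p256(uint8_t *der, size_t cap) {
    uint8_t raw[64];
    memset(raw, 0x11, 32); raw[0] = 0x80;
    memset(raw + 32, 0x22, 32); raw[32] = 0x00;
    return ecdsa_raw_to_der(raw, sizeof raw, 256, der, cap);
}
```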
3) Improper Authentication (CVE-ID: CVE-2024-45159)
The vulnerability allows a remote attacker to authenticate with a wrong certificate.
The vulnerability exists due to an error when a server enables optional authentication of the client and TLS 1.3 is used. If the client-provided certificate does not have appropriate values in its keyUsage or extKeyUsage extensions, the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker holding a certificate valid for uses other than TLS client authentication could use it for TLS client authentication anyway.
Remediation
Install the update from the vendor's website.