[SECURITY] [DLA 4236-1] mbedtls security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4236-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andrej Shadura
June 30, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : mbedtls
Version : 2.16.9-0.1+deb11u1
CVE ID : CVE-2021-24119 CVE-2021-36647 CVE-2021-43666 CVE-2021-44732
CVE-2022-46392
Multiple vulnerabilities have been fixed in mbedtls, a lightweight crypto and
SSL/TLS library.
CVE-2021-24119
A side-channel vulnerability in base64 PEM file decoding allows
system-level (administrator) attackers to obtain information about
secret RSA keys via a controlled-channel and side-channel attack on
software running in isolated environments that can be single stepped,
especially Intel SGX.
CVE-2021-36647
Function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS, in all
versions before 3.0.0, 2.27.0 or 2.16.11, allowed attackers with access
to precise enough timing and memory access information (typically an
untrusted operating system attacking a secure enclave such as SGX or
the TrustZone secure world) to recover the private keys used in RSA.
CVE-2021-43666
In the mbedtls_pkcs12_derivation function, an input password of
length 0 caused a denial of service.
CVE-2021-44732
Function mbedtls_ssl_set_session() performed a double free in certain
out-of-memory conditions.
CVE-2022-46392
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a
secure enclave) could recover an RSA private key after observing the
victim performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
For Debian 11 bullseye, these problems have been fixed in version
2.16.9-0.1+deb11u1.
We recommend that you upgrade your mbedtls packages.
For the detailed security status of mbedtls please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mbedtls
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS