11 July 2016, 17:05
Does Hiawatha need to be updated to the new version of mbed TLS?
The new release "addresses three security issues, two of which are not exploitable remotely". Which means one is remotely exploitable:
* (2.3, 2.1, 1.3) Fixed missing padding length check required by PKCS1 v2.2 in mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
This topic has been closed.