Description
This release of Mbed TLS provides the fix for a security vulnerability.
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027.
Security Advisories
For full details, please see the following links:
❕ Release notes are truncated in GitHub's releases page: Please refer to the 3.6.2 release page.
Release Notes
Security
- Fix a buffer underrun in mbedtls_pk_write_key_der() when
called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
and the output buffer is smaller than the actual output.
Fix a related buffer underrun in mbedtls_pk_write_key_pem()
when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
CVE-2024-49195
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Note
❕
mbedtls-3.6.2.tar.bz2
is our official release file.source.tar.gz
andsource.zip
are automatically generated snapshots that github generates. They do not include external dependencies, and can't be configured
Checksum
The SHA256 hash for the archive is:
8b54fb9bcf4d5a7078028e0520acddefb7900b3e66fec7f7175bb5b7d85ccdca mbedtls-3.6.2.tar.bz2