Hi Mbed TLS users,

We have released Mbed TLS versions 3.5.2 and 2.28.7.

These releases contain security fixes for: a timing side channel in private key RSA operations; and a buffer overflow in mbedtls_x509_set_extension.

Full details are available in the release notes.

 

https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.7

https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.2

We recommend all users to consider whether they are impacted, and to upgrade appropriately.

Many thanks.

Dave