Remote code execution vulnerability in strongSwan IPsec

strongSwan 5.9.10 is now available, a free package for building VPN connections on the IPsec protocol, used on Linux, Android, FreeBSD and macOS. The new version fixes a dangerous vulnerability (CVE-2023-26463) that can be used to bypass authentication and could potentially also lead to execution of attacker code on the server or client side. The problem occurs when validating specially crafted certificates in TLS-based EAP methods.

The vulnerability is caused by the TLS handler incorrectly accepting public keys from the peer's certificate, treating them as trusted even when the certificate cannot be verified successfully. Specifically, when the tls_find_public_key() function is called, a selection based on the public key type is used to determine which certificates are trusted. The problem is that the flag used to determine the key type for the lookup is set in any case, even if the certificate is not trusted.

In addition, by manipulating the key it is possible to decrement the reference counter (if the certificate is untrusted, the object reference is released after the key type has been determined) and thereby free the memory of an object that is still in use together with the key. This flaw does not rule out building exploits that leak data from memory and execute arbitrary code.
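The following is an added illustration of the defect pattern described above, written for this page and not taken from strongSwan: a constructed, refcounted key model in which the buggy lookup records the key type and releases the key before trust is established, beside a hardened lookup that ignores an untrusted certificate entirely. Struct layouts, function names and the key-type codes are invented.

```c
#include <stdio.h>

/* Constructed model of the bug class described above, not strongSwan's code;
 * struct layouts and the RSA key-type code are invented for illustration. */
enum { KEY_NONE = 0, KEY_RSA = 1 };
typedef struct { int refs; int key_type; int freed; } pubkey_t;  /* freed: diagnostic flag */
typedef struct { pubkey_t *key; int trusted; } peer_cert_t;       /* trusted: chain validation result */

static void key_unref(pubkey_t *k) { if (--k->refs == 0) k->freed = 1; }

/* Buggy lookup: reads the key type before trust is checked, then releases
 * the key on the untrusted path even though the certificate still holds it. */
static int find_public_key_buggy(const peer_cert_t *cert, int *type) {
    *type = cert->key->key_type;       /* selection influenced by an unverified cert */
    if (!cert->trusted) {
        key_unref(cert->key);          /* unbalanced release: dangling pointer */
        return 0;
    }
    return 1;
}

/* Hardened lookup: an untrusted certificate contributes nothing, neither a
 * key type for the search nor a reference-count change. */
static int find_public_key_fixed(const peer_cert_t *cert, int *type) {
    if (!cert->trusted) { *type = KEY_NONE; return 0; }
    *type = cert->key->key_type;
    return 1;
}

/* Drive one lookup against an untrusted cert holding a constructed RSA key.
 * Returns 1 if the key was released while the cert still points at it. */
static int buggy_leaves_dangling_key(void) {
    pubkey_t key = { 1, KEY_RSA, 0 };
    peer_cert_t cert = { &key, 0 };
    int type = KEY_NONE;
    int ok = find_public_key_buggy(&cert, &type);
    return !ok && type == KEY_RSA && key.freed && key.refs == 0;
}

/* Same scenario via the hardened lookup. Returns 1 if the untrusted key
 * was neither selected nor released. */
static int fixed_ignores_untrusted_key(void) {
    pubkey_t key = { 1, KEY_RSA, 0 };
    peer_cert_t cert = { &key, 0 };
    int type = KEY_RSA;
    int ok = find_public_key_fixed(&cert, &type);
    return !ok && type == KEY_NONE && !key.freed && key.refs == 1;
}
```

Both scenario functions return 1, showing that the buggy path leaves a freed key reachable through the certificate while the hardened path leaves the untrusted key untouched.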

An attack on the server is carried out by a client sending a self-signed certificate for client authentication using the EAP-TLS, EAP-TTLS, EAP-PEAP and EAP-TNC methods. A client can be attacked by a server returning a specially crafted certificate. The vulnerability appears in strongSwan releases 5.9.8 and 5.9.9. The release of package updates in distributions can be tracked on the pages for Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD and NetBSD.

source: budenet.ru