ProHoster > Pūnaewele > nūhou pūnaewele > OpenSSL 1.1.1j, wolfSSL 4.7.0 a me LibreSSL 3.2.4 hōʻano hou

OpenSSL 1.1.1j, wolfSSL 4.7.0 a me LibreSSL 3.2.4 hōʻano hou

Loaʻa kahi hoʻokuʻu mālama ʻana o ka OpenSSL cryptographic library 1.1.1j, kahi e hoʻoponopono ai i ʻelua mau nāwaliwali:

  • ʻO CVE-2021-23841 kahi kuhikuhi kuhikuhi NULL i ka hana X509_issuer_and_serial_hash(), hiki ke hoʻopau i nā noi e kāhea ana i kēia hana no ka mālama ʻana i nā palapala hōʻoia X509 me kahi waiwai hewa ʻole i ka māla hoʻopuka.
  • ʻO CVE-2021-23840 he integer overflow i nā hana EVP_CipherUpdate, EVP_EncryptUpdate, a me EVP_DecryptUpdate e hiki ai ke hoʻihoʻi i ka waiwai o 1, e hōʻike ana i ka holomua o ka hana, a me ka hoʻonohonoho ʻana i ka nui i kahi waiwai maikaʻi ʻole, hiki ke hoʻopau i nā noi. hana maʻamau.
  • He hemahema ka CVE-2021-23839 i ka hoʻokō ʻana i ka pale rollback no ka protocol SSLv2. Hōʻike wale ʻia ma ka lālā kahiko 1.0.2.

Ua paʻi pū ʻia ka hoʻokuʻu ʻia ʻana o ka pūʻolo LibreSSL 3.2.4, i loko o ka papahana OpenBSD e hoʻomohala nei i kahi pua o OpenSSL i manaʻo ʻia e hāʻawi i kahi kiʻekiʻe o ka palekana. Hoʻomaopopo ʻia ka hoʻokuʻu ʻana no ka hoʻihoʻi ʻana i ke code hōʻoia hōʻoia kahiko i hoʻohana ʻia ma LibreSSL 3.1.x ma muli o ka haʻihaʻi ʻana i kekahi mau noi me nā mea paʻa e hana a puni nā pōpoki i ka code kahiko. Ma waena o nā mea hou, ʻo ka hoʻohui ʻana o nā hoʻokō o ka mea hoʻopuka a me nā ʻāpana autochain i TLSv1.3 kū i waho.

Eia kekahi, ua hoʻokuʻu hou ʻia ka hale waihona puke cryptographic wolfSSL 4.7.0, i hoʻopaʻa ʻia no ka hoʻohana ʻana ma nā mea i hoʻopili ʻia me ka palena o ka kaʻina hana a me nā kumuwaiwai hoʻomanaʻo, e like me nā pūnaewele o nā mea, nā ʻōnaehana home akamai, nā ʻōnaehana ʻike automotive, nā mea ala a me nā kelepona paʻalima. . Ua kākau ʻia ke code ma ka ʻōlelo C a hāʻawi ʻia ma lalo o ka laikini GPLv2.

Aia ka mana hou i ke kākoʻo no RFC 5705 (Keying Material Exporters for TLS) a me S/MIME (Secure/Multipurpose Internet Mail Extensions). Hoʻohui ʻia ka hae "--enable-reproducible-build" e hōʻoia i ka hana hou ʻana. Ua hoʻohui ʻia ka SSL_get_verify_mode API, X509_VERIFY_PARAM API a me X509_STORE_CTX i ka papa e hōʻoia i ka hoʻokō ʻana me OpenSSL. Hoʻokō ʻia ka macro WOLFSSL_PSK_IDENTITY_ALERT. Hoʻohui i kahi hana hou _CTX_NoTicketTLSv12 e hoʻopau i nā tiketi kau TLS 1.2, akā mālama iā lākou no TLS 1.3.

Source: opennet.ru

Pākuʻi i ka manaʻo hoʻopuka