OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 updates

A maintenance release of the OpenSSL cryptographic library, 1.1.1j, is available, which fixes two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function, which can crash applications that call this function to process X509 certificates with an incorrect value in the issuer field.
  • CVE-2021-23840 is an integer overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions that can cause them to return a value of 1, indicating successful completion, while setting the size to a negative value, which can cause applications to crash or disrupt their normal behaviour.
  • CVE-2021-23839 is a flaw in the implementation of rollback protection for use of the SSLv2 protocol. It appears only in the old 1.0.2 branch.
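
A caller-side view of the CVE-2021-23840 failure mode described above, as an added example that is not OpenSSL code or part of the original article. It models only the length arithmetic in plain C, makes no OpenSSL calls, and all function names in it are hypothetical.

```c
#include <limits.h>
#include <stddef.h>

/* Model of the length arithmetic only: no OpenSSL calls are made, and all
 * function names here are hypothetical. */

/* Unchecked sum, done in unsigned arithmetic so the wraparound is defined.
 * With inl close to INT_MAX the result converts to a negative int. */
int unchecked_out_len(int inl, int block_size)
{
    return (int)((unsigned int)inl + (unsigned int)block_size);
}

/* Checked form: conservative bound on the bytes one update call on a block
 * cipher can write (input plus one buffered block). Returns 0 and leaves
 * *max_out untouched if the bound cannot fit in an int. */
int checked_out_len(int inl, int block_size, int *max_out)
{
    if (inl < 0 || block_size <= 0 || inl > INT_MAX - block_size)
        return 0;
    *max_out = inl + block_size;
    return 1;
}

/* Caller-side validation of what an update call reported: a return value
 * of 1 is only accepted if the stored length is non-negative and fits the
 * caller's output buffer of cap bytes. */
int update_result_ok(int ret, int outl, size_t cap)
{
    return ret == 1 && outl >= 0 && (size_t)outl <= cap;
}

/* Size of the next chunk to pass to an update call so that no single call
 * gets an input length near INT_MAX. chunk_cap is the caller's own limit. */
int next_chunk(size_t remaining, int chunk_cap)
{
    if (chunk_cap <= 0)
        return 0;
    return remaining < (size_t)chunk_cap ? (int)remaining : chunk_cap;
}
```

Checking the reported length as well as the return value is what catches a "successful" call that stored a negative size.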

A release of the LibreSSL 3.2.4 package has also been published, within which the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because of breakage in some applications that carry bindings to work around bugs in the old code. Among the new features, the addition of implementations of the exporter and autochain components for TLSv1.3 stands out.

In addition, there is a new release of the compact cryptographic library wolfSSL 4.7.0, optimized for use on embedded devices with limited resources and memory, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version includes support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode API, the X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the OpenSSL compatibility layer. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru