OpenSSL 1.1.1l update with fixes for two vulnerabilities

A corrective release of the OpenSSL cryptographic library, 1.1.1l, is available. It eliminates two vulnerabilities:

  • CVE-2021-3711 is a buffer overflow in the code implementing the SM2 cryptographic algorithm (common in China), which allows 62 bytes to be written to the region past the buffer boundary because of an error in calculating the buffer size. An attacker can potentially achieve code execution or an application crash by passing specially crafted data to applications that use the EVP_PKEY_decrypt() function to decrypt SM2 data.
  • CVE-2021-3712 is a buffer overrun in the ASN.1 string handling code, which can cause an application crash or disclose the contents of process memory (for example, to recover keys held in memory) if an attacker is able to create a string in the internal ASN1_STRING structure that is not terminated by a null character and have it processed by OpenSSL functions that print certificates, such as X509_aux_print(), X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp().
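
The bug class behind CVE-2021-3712, shown as an added example that is not OpenSSL's code and not part of the original article: a length-delimited string must only be handled through its declared length, never through C-string functions. `struct lenstr`, `lenstr_to_cstr()` and `demo_bounded_copy()` are hypothetical stand-ins for ASN1_STRING and its handling, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-delimited string such as ASN1_STRING:
 * `data` holds `length` bytes and is NOT guaranteed to be NUL-terminated. */
struct lenstr {
    const unsigned char *data;
    size_t length;
};

/* Unsafe pattern (the bug class): strlen((const char *)s->data) or
 * printf("%s", s->data) keeps reading past `length` until a NUL turns up. */

/* Safe conversion: uses only the declared length, rejects embedded NULs
 * (they would silently truncate the value) and always terminates the copy.
 * Returns a malloc'ed C string, or NULL on bad input or allocation failure. */
char *lenstr_to_cstr(const struct lenstr *s)
{
    char *out;

    if (s == NULL || (s->data == NULL && s->length != 0))
        return NULL;
    if (s->length == SIZE_MAX)              /* length + 1 would wrap to 0 */
        return NULL;
    if (s->length != 0 && memchr(s->data, '\0', s->length) != NULL)
        return NULL;
    out = malloc(s->length + 1);
    if (out == NULL)
        return NULL;
    if (s->length != 0)
        memcpy(out, s->data, s->length);
    out[s->length] = '\0';
    return out;
}

/* Constructed sample: 4 value bytes followed by unrelated bytes standing in
 * for adjacent process memory; no terminator follows the value "a@b.". */
static const unsigned char sample_mem[] = {'a','@','b','.','S','E','C','R','E','T'};

/* Returns 1 if the bounded copy holds exactly the 4 declared bytes. */
int demo_bounded_copy(void)
{
    struct lenstr s = { sample_mem, 4 };
    char *c = lenstr_to_cstr(&s);
    int ok = (c != NULL && strlen(c) == 4 && memcmp(c, "a@b.", 4) == 0);
    free(c);
    return ok;
}
```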

At the same time, new versions of the LibreSSL library, 3.3.4 and 3.2.6, were released. Their announcements do not explicitly mention vulnerabilities, but judging by the list of changes, the CVE-2021-3712 vulnerability has been fixed.

Source: opennet.ru
