Failures in OpenBSD, DragonFly BSD and Electron due to the expiration of the IdenTrust root certificate

The expiration of the IdenTrust root certificate (DST Root CA X3), which was used to cross-sign the Let's Encrypt CA root certificate, has caused problems with Let's Encrypt certificate verification in projects that use older versions of OpenSSL and GnuTLS. The problems also affected the LibreSSL library, whose developers did not take into account past experience with the failures that followed the expiration of the Sectigo (Comodo) CA's AddTrust root certificate.

Recall that OpenSSL releases up to and including the 1.0.2 branch, and GnuTLS before release 3.6.14, had a bug that prevented cross-signed certificates from being processed correctly if one of the root certificates used for signing had expired, even when other valid chains of trust remained (in the case of Let's Encrypt, the expiration of the IdenTrust root certificate prevents verification even if the system supports Let's Encrypt's own root certificate, which is valid until 2030). The essence of the bug is that older versions of OpenSSL and GnuTLS parsed the certificate as a linear chain, whereas according to RFC 4158 a certificate can represent a directed graph, possibly containing cycles, with multiple trust anchors that must be taken into account.
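
The difference between linear chain checking and RFC 4158 path building, shown as an added example that is not part of the original article: a simplified Python model in which name matching stands in for signature verification. The certificate names mirror the Let's Encrypt chain, but the Cert class, the function names and the dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date

# Constructed sample data; dates are illustrative, not read from real certificates.
LEAF = Cert("leaf.example", "R3", date(2021, 12, 1))
R3 = Cert("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))  # cross-signed copy
CHAIN = [LEAF, R3, X1_CROSS]  # what the server sends
TRUST = [
    Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30)),  # expired anchor
    Cert("ISRG Root X1", "ISRG Root X1", date(2030, 1, 1)),       # still-valid anchor
]

def linear_verify(chain, trust_store, today):
    """Model of the buggy behaviour: walk the supplied chain to its end and
    accept only the root that signs the last certificate."""
    if any(c.not_after < today for c in chain):
        return False
    root = next((r for r in trust_store if r.subject == chain[-1].issuer), None)
    return root is not None and root.not_after >= today

def build_path(cert, pool, trust_store, today, seen=()):
    """Graph search: at every step prefer a valid trust anchor, otherwise
    try each candidate issuer in the pool. Returns the path or None."""
    if cert.not_after < today or cert in seen:
        return None
    for anchor in trust_store:
        if anchor.subject == cert.issuer and anchor.not_after >= today:
            return [cert.subject, anchor.subject + " (anchor)"]
    for cand in pool:
        if cand.subject == cert.issuer:
            tail = build_path(cand, pool, trust_store, today, seen + (cert,))
            if tail:
                return [cert.subject] + tail
    return None

if __name__ == "__main__":
    today = date(2021, 10, 1)  # the day after the DST Root CA X3 expiry in this model
    print("linear:", linear_verify(CHAIN, TRUST, today))
    print("graph: ", build_path(LEAF, CHAIN[1:], TRUST, today))
```

The linear check rejects the chain once the DST Root CA X3 anchor has expired, while the graph search stops at the still-valid ISRG Root X1 anchor and never reaches the expired root.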

As a workaround, it is suggested to remove the "DST Root CA X3" certificate from the system store (/etc/ca-certificates.conf and /etc/ssl/certs) and then run the command "update-ca-certificates -f -v". On CentOS and RHEL, you can add the "DST Root CA X3" certificate to the blacklist:

    trust dump --filter "pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10" | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
    sudo update-ca-trust extract

Some of the failures we have seen that occurred after the IdenTrust root certificate expired:

  • In OpenBSD, the syspatch utility, used to install binary system updates, stopped working. The OpenBSD project today urgently released patches for the 6.8 and 6.9 branches that fix problems in LibreSSL with the verification of cross-signed certificates where one of the root certificates in the chain of trust has expired. As a workaround, it is recommended to switch from HTTPS to HTTP in /etc/installurl (this does not affect security, since updates are additionally verified by a digital signature) or to select an alternative mirror (ftp.usa.openbsd.org, ftp.hostserver.de, cdn.openbsd.org). You can also remove the expired DST Root CA X3 root certificate from the /etc/ssl/cert.pem file.
  • In DragonFly BSD, similar problems were observed when working with DPorts. When the pkg package manager is started, a certificate verification error appears. The fix was added today to the master, DragonFly_RELEASE_6_0 and DragonFly_RELEASE_5_8 branches. As a workaround, you can remove the DST Root CA X3 certificate.
  • Verification of Let's Encrypt certificates is broken in applications based on the Electron platform. The problem was fixed in updates 12.2.1, 13.5.1, 14.1.0, 15.1.0.
  • Some distributions have problems accessing package repositories when using the APT package manager linked against older versions of the GnuTLS library. Debian 9 was affected by the problem: it used an unpatched GnuTLS package, which led to problems accessing deb.debian.org for users who did not install the update in time (the gnutls28-3.5.8-5+deb9u6 fix was made available on September 17). As a workaround, it is recommended to remove DST_Root_CA_X3.crt from the /etc/ca-certificates.conf file.
  • The operation of acme-client in the distribution for building OPNsense firewalls was disrupted; the problem was reported in advance, but the developers did not manage to release a patch in time.
  • The problem affected the OpenSSL 1.0.2k package in RHEL/CentOS 7, but a week ago an update of the ca-certificates-7-7.el2021.2.50_72.noarch package was produced for RHEL 7 and CentOS 9, from which the IdenTrust certificate was removed, i.e. the problem was blocked in advance. A similar update was published a week ago for Ubuntu 16.04, Ubuntu 14.04, Ubuntu 21.04, Ubuntu 20.04 and Ubuntu 18.04. Since the updates were released in advance, the problem with verifying Let's Encrypt certificates affected only users of older branches of RHEL/CentOS and Ubuntu who do not install updates regularly.
  • Certificate verification in grpc is broken.
  • Build failures on the Cloudflare Pages platform.
  • Problems with Amazon Web Services (AWS).
  • DigitalOcean users have problems connecting to the database.
  • Failure of the Netlify cloud platform.
  • Problems accessing Xero services.
  • Attempts to establish a TLS connection to the Web API of the MailGun service fail.
  • Failures in versions of macOS and iOS (11, 13, 14), which theoretically should not have been affected by the problem.
  • Failure of Catchpoint services.
  • Certificate verification errors when accessing the PostMan API.
  • Failure of Guardian Firewall.
  • The monday.com support page is broken.
  • Failure of the Cerb platform.
  • Uptime check failures in Google Cloud Monitoring.
  • Problems with certificate verification in Cisco Umbrella Secure Web Gateway.
  • Problems connecting to Bluecoat and Palo Alto proxies.
  • OVHcloud has problems connecting to the OpenStack API.
  • Problems with generating reports in Shopify.
  • Problems accessing the Heroku API.
  • Failure of Ledger Live Manager.
  • Certificate verification errors in Facebook App Developer Tools.
  • Problems in Sophos SG UTM.
  • Problems with certificate verification in cPanel.

Source: opennet.ru
