Qhov tsis zoo tau raug txheeb xyuas nyob rau hauv OpenSSL cryptographic tsev qiv ntawv (CVE tseem tsis tau muab tso rau), nrog kev pab los ntawm cov chaw taws teeb tawm tsam tuaj yeem ua rau cov ntsiab lus ntawm cov txheej txheem nco los ntawm kev xa cov ntaub ntawv tshwj xeeb tsim thaum lub sijhawm tsim kev sib txuas TLS. Nws tseem tsis tau paub meej tias qhov teeb meem tuaj yeem ua rau tus neeg tawm tsam kev ua txhaum cai thiab cov ntaub ntawv tawm los ntawm cov txheej txheem nco, lossis seb nws txwv rau kev sib tsoo.
Qhov tsis zoo tshwm sim hauv OpenSSL 3.0.4 tso tawm, luam tawm thaum Lub Rau Hli 21, thiab yog tshwm sim los ntawm kev kho tsis raug rau cov kab laum hauv cov lej uas tuaj yeem ua rau ntau txog 8192 bytes ntawm cov ntaub ntawv raug sau dua lossis nyeem dhau ntawm qhov tsis raug faib. Kev siv qhov tsis zoo tsuas yog ua tau ntawm x86_64 systems nrog kev txhawb nqa rau AVX512 cov lus qhia.
Forks ntawm OpenSSL xws li BoringSSL thiab LibreSSL, nrog rau OpenSSL 1.1.1 ceg, tsis cuam tshuam los ntawm qhov teeb meem. Qhov kho tam sim no tsuas yog muaj raws li thaj chaw. Hauv qhov xwm txheej phem tshaj plaws, qhov teeb meem tuaj yeem ua rau muaj kev phom sij ntau dua li Heartbleed vulnerability, tab sis qib kev hem thawj raug txo los ntawm qhov tseeb tias qhov tsis zoo tshwm sim tsuas yog hauv OpenSSL 3.0.4 tso tawm, thaum ntau qhov kev faib tawm txuas ntxiv xa mus rau 1.1.1. ceg los ntawm lub neej ntawd lossis tseem tsis tau muaj sijhawm los tsim cov pob hloov tshiab nrog version 3.0.4.
Tau qhov twg los: opennet.ru