Vulnerability in OpenSSL and LibreSSL that leads to an infinite loop when processing invalid certificates

Maintenance releases of the OpenSSL cryptographic library, 3.0.2 and 1.1.1n, are available. The update fixes a vulnerability (CVE-2022-0778) that can be used to cause a denial of service (infinite looping of the handler). To exploit the vulnerability, it is enough for the application to process a specially crafted certificate. The problem occurs in both server and client applications that can process certificates supplied by users.

The problem is caused by a bug in the BN_mod_sqrt() function, which leads to a loop when computing a square root modulo something other than a prime number. The function is used when parsing certificates with keys based on elliptic curves. Exploitation comes down to substituting incorrect elliptic curve parameters into the certificate. Because the problem occurs before the certificate's digital signature is verified, the attack can be carried out by an unauthenticated user who can cause a client or server certificate to be passed to applications that use OpenSSL.
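The failure mode described above, as an added sketch that is not OpenSSL's or LibreSSL's code: a Tonelli-Shanks modular square root in which every loop is bounded, so a non-prime modulus ends in an error rather than a hang. The names mod_sqrt and MAX_NONRESIDUE_TRIES are hypothetical, and the sample inputs in the comments are constructed.

```python
# Added example: Tonelli-Shanks square root mod p with bounded loops.
# mod_sqrt and MAX_NONRESIDUE_TRIES are hypothetical names, not a library API.

MAX_NONRESIDUE_TRIES = 128


def mod_sqrt(a: int, p: int) -> int:
    """Return x with x*x % p == a % p; raise ValueError if none is found.

    The algorithm assumes p is an odd prime. Every loop is bounded, so a
    composite p produces an error instead of a non-terminating computation.
    Constructed inputs: mod_sqrt(2, 17) succeeds, mod_sqrt(2, 15) is rejected.
    """
    if p < 3 or p % 2 == 0:
        raise ValueError("modulus must be odd and greater than 2")
    a %= p
    if a == 0:
        return 0
    # Write p - 1 = 2^e * q with q odd.
    q, e = p - 1, 0
    while q % 2 == 0:
        q, e = q // 2, e + 1
    # Bounded search for y with y^((p-1)/2) == -1 (a non-residue if p is prime).
    for y in range(2, min(p, 2 + MAX_NONRESIDUE_TRIES)):
        if pow(y, (p - 1) // 2, p) == p - 1:
            break
    else:
        raise ValueError("no non-residue found; modulus is probably not prime")
    y = pow(y, q, p)
    x = pow(a, (q + 1) // 2, p)
    b = pow(a, q, p)
    while b != 1:
        # Find the smallest i, 0 < i < e, with b^(2^i) == 1. The bound i < e
        # is the guard: without it a composite p can keep this search spinning.
        t = b
        for i in range(1, e):
            t = t * t % p
            if t == 1:
                break
        else:
            raise ValueError("not a square, or modulus is not prime")
        c = pow(y, 1 << (e - i - 1), p)
        x, y = x * c % p, c * c % p
        b, e = b * y % p, i  # e strictly decreases, so the outer loop ends
    if x * x % p != a:  # final check catches wrong results for composite p
        raise ValueError("not a square, or modulus is not prime")
    return x
```
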

The vulnerability also affects the LibreSSL library developed by the OpenBSD project; a fix was prepared in the corrective releases LibreSSL 3.3.6, 3.4.3 and 3.5.1. In addition, an analysis of the conditions for exploiting the vulnerability has been published (an example of a malicious certificate that causes the hang has not yet been made public).

Source: opennet.ru
