Mwepụta mmezi nke ọbá akwụkwọ cryptographic OpenSSL 1.1.1j dị, nke na-edozi adịghị ike abụọ:
- CVE-2021-23841 bụ NULL pointer dereference na ọrụ X509_issuer_and_serial_hash(), nke nwere ike daa ngwa ndị na-akpọ ọrụ a iji jikwaa asambodo X509 nwere uru na-ezighi ezi na mpaghara onye nrụpụta.
- CVE-2021-23840 bụ integer njupụta na EVP_CipherUpdate, EVP_EncryptUpdate, na EVP_DecryptUpdate ọrụ nke nwere ike ime ka iweghachi uru nke 1, na-egosi ọrụ na-aga nke ọma, na ịtọ nha na uru na-adịghị mma, nke nwere ike ime ka ngwa daa ma ọ bụ mebie ya. omume nkịtị.
- CVE-2021-23839 bụ ntụpọ n'ime mmejuputa nke nchedo nlọghachi azụ maka ojiji nke SSLv2 protocol. Na-apụta naanị na ngalaba ochie 1.0.2.
Ebipụtakwala ntọhapụ nke ngwugwu LibreSSL 3.2.4, n'ime nke ọrụ OpenBSD na-emepụta ndụdụ nke OpenSSL iji nye nchebe dị elu. Ntọhapụ ahụ bụ ihe ama ama maka ịlaghachi na koodu nkwenye akwụkwọ ochie ejiri na LibreSSL 3.1.x n'ihi nkwụsịtụ na ụfọdụ ngwa nwere njikọ iji rụọ ọrụ gburugburu ahụhụ na koodu ochie. N'ime ihe ọhụrụ ndị ahụ, mgbakwunye nke mmejuputa nke onye na-ebupụ na ihe autochain na TLSv1.3 pụtara.
Na mgbakwunye, enwere mwepụta ọhụrụ nke kọmpat cryptographic ọba akwụkwọ wolfSSL 4.7.0, ahaziri maka ojiji na ngwaọrụ agbakwunyere nwere obere processor na akụrụngwa ebe nchekwa, dị ka Internet nke ihe, sistemụ ụlọ smart, sistemụ ozi ụgbọ ala, ndị na-anya ụgbọ mmiri na ekwentị mkpanaaka. . Edere koodu ahụ n'asụsụ C wee kesaa n'okpuru ikike GPLv2.
Ụdị ọhụrụ a gụnyere nkwado maka RFC 5705 (Ndị na-ebupụ ihe onwunwe maka TLS) na S/MIME (Secure/Multipurpose Internet Mail Extensions). Agbakwunyere ọkọlọtọ "--enable-reproducible-build" iji hụ na a na-ewuligharị ya. Agbakwunyela SSL_get_verify_mode API, X509_VERIFY_PARAM API na X509_STORE_CTX na oyi akwa iji hụ na ndakọrịta na OpenSSL. nnukwu arụ ọrụ WOLFSSL_PSK_IDENTITY_ALERT. Agbakwunyere ọrụ ọhụrụ _CTX_NoTicketTLSv12 iji gbanyụọ tiketi nnọkọ TLS 1.2, mana chekwaa ha maka TLS 1.3.
isi: opennet.ru