Ability to generate dummy ECDSA signatures in Java SE. Vulnerabilities in MySQL, VirtualBox and Solaris

Oracle has published a scheduled release of updates for its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The April update fixed a total of 520 vulnerabilities.

Some of the problems:

  • 6 security issues in Java SE. All of the vulnerabilities can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. Two of the issues have been assigned a severity level of 7.5. The vulnerabilities are fixed in the Java SE 18.0.1, 11.0.15 and 8u331 releases.

    One of the problems (CVE-2022-21449) allows a dummy ECDSA digital signature to be generated by using zero curve parameters when creating it (if the parameters are zero, the curve goes to infinity, so zero values are explicitly prohibited in the specification). The Java libraries did not check the ECDSA parameters for zero values, so when processing signatures with zero parameters, Java considered them valid in all cases.

    Among other things, the vulnerability can be used to create fake TLS certificates that will be accepted in Java as valid, as well as to bypass authentication via WebAuthn and to generate fictitious JWT signatures and OIDC tokens. In other words, the vulnerability makes it possible to generate universal certificates and signatures that will be accepted and treated as valid by Java handlers that use the java.security.* classes for verification. The problem appears in Java branches 15, 16, 17 and 18. An example of generating a fake certificate is available.

        jshell> import java.security.*
        jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair()
        keys ==> java.security.KeyPair@626b2d4a
        jshell> var blankSignature = new byte[64]
        blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … , 0, 0, 0, 0, 0, 0, 0, 0 }
        jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format")
        sig ==> Signature object: SHA256WithECDSAinP1363Format
        jshell> sig.initVerify(keys.getPublic())
        jshell> sig.update("Hello, World".getBytes())
        jshell> sig.verify(blankSignature)
        $8 ==> true

  • 26 vulnerabilities in the MySQL server, two of which can be exploited. The most serious problems, related to the use of OpenSSL and protobuf, are assigned a severity level of 7.5. Less severe vulnerabilities affect the optimizer, InnoDB, replication, the PAM plugin, DDL, DML, FTS and logging. The issues are fixed in the MySQL Community Server 8.0.29 and 5.7.38 releases.
  • 5 vulnerabilities in VirtualBox. The issues are assigned severity levels from 7.5 to 3.8 (the most dangerous vulnerability appears only on the Windows platform). The vulnerabilities are fixed in the VirtualBox 6.1.34 update.
  • 6 vulnerabilities in Solaris. The problems affect the kernel and utilities. The most serious problem, in the utilities, is assigned a severity level of 8.2. The problems are fixed in the Solaris 11.4 SRU44 update.

Source: opennet.ru
