Ofufuza ochokera ku yunivesite. Masaryk
Ntchito zodziwika bwino zomwe zimakhudzidwa ndi njira yomwe akuwukira ndi OpenJDK/OracleJDK (CVE-2019-2894) ndi laibulale.
Vutoli lakhazikitsidwa kale pakutulutsidwa kwa libgcrypt 1.8.5 ndi wolfCrypt 4.1.0, mapulojekiti otsalawo sanapange zosintha. Mutha kutsata kukonza kwachiwopsezo chomwe chili mu phukusi la libgcrypt pamagawidwe patsamba awa:
Zowopsa
libkcapi kuchokera ku Linux kernel, Sodium ndi GnuTLS.
Vutoli limayamba chifukwa chotha kudziwa mayendedwe amtundu uliwonse panthawi yochulukirachulukira mu elliptic curve operation. Njira zosalunjika, monga kuyerekezera kuchedwa kwa makompyuta, zimagwiritsidwa ntchito potulutsa zidziwitso. Kuwukira kumafuna mwayi wopanda mwayi kwa wolandila pomwe siginecha ya digito imapangidwira (osati
Ngakhale kukula kochepa kwa kutayikirako, kwa ECDSA kuzindikira ngakhale pang'ono pang'ono ndi chidziwitso cha vekitala (nonce) ndikokwanira kuchita chiwembu kuti mubwezeretsenso makiyi onse achinsinsi. Malinga ndi olemba njira, kuti apeze bwino fungulo, kusanthula kwa siginecha mazana angapo mpaka zikwi zingapo za digito zomwe zimapangidwira mauthenga odziwika kwa wotsutsa ndizokwanira. Mwachitsanzo, masiginecha a digito okwana 90 adawunikidwa pogwiritsa ntchito secp256r1 elliptic curve kuti adziwe kiyi yachinsinsi yomwe imagwiritsidwa ntchito pamakhadi anzeru a Athena IDProtect kutengera chip Inside Secure AT11SC. Nthawi yonse yakuukira inali mphindi 30.
Source: opennet.ru