OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 released

A corrective release of the OpenSSL cryptographic library, 1.1.1j, is available; it fixes two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function, which can crash applications that call this function to process X509 certificates containing an invalid value in the issuer field.
  • CVE-2021-23840 is an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions that can cause them to return the value 1, indicating a successful operation, while setting the output length to a negative value, which can lead applications to crash or to misbehave.
  • CVE-2021-23839 is a flaw in the implementation of protection against rollback to the SSLv2 protocol. It only manifests in the old 1.0.2 branch.
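As an added illustration of the CVE-2021-23840 failure mode (this is a model written for this note, not OpenSSL's code), the following C snippet shows how signed-int output-length accounting for a buffered partial block plus the whole blocks of new input wraps negative for very large inputs while still reporting success, the guard that refuses such a call instead, and the plausibility check a caller can apply to the returned length; block size, buffer state and input lengths are constructed values.

```c
/* Constructed model of EVP_*Update-style output-length accounting
 * (not OpenSSL's code): buffered partial block + whole blocks of input. */
#include <limits.h>
#include <stdbool.h>

/* Unguarded accounting: the block that completes the buffered partial
 * block counts first, then every whole block of the remaining input.
 * With inl near INT_MAX the sum exceeds INT_MAX; converting it back to
 * int yields a negative *outl while the call still reports success (1). */
static int update_len_unguarded(int buf_len, int bl, int inl, int *outl)
{
    if (inl <= 0) { *outl = 0; return inl == 0; }
    long total = 0;
    if (buf_len != 0) {
        if (bl - buf_len > inl) { *outl = 0; return 1; } /* still buffering */
        total = bl;                   /* the completed buffered block */
        inl -= bl - buf_len;          /* input consumed to complete it */
    }
    total += inl & ~(bl - 1);         /* whole blocks of remaining input */
    *outl = (int)total;               /* wraps negative when total > INT_MAX */
    return 1;
}

/* Guarded accounting: reject the call before computing a length that an
 * int cannot represent, returning 0 (failure) rather than a bogus 1. */
static int update_len_guarded(int buf_len, int bl, int inl, int *outl)
{
    if (inl <= 0) { *outl = 0; return inl == 0; }
    if (buf_len != 0 && bl - buf_len <= inl) {
        int j = bl - buf_len;         /* bytes needed to complete the buffer */
        if (((inl - j) & ~(bl - 1)) > INT_MAX - bl)
            return 0;                 /* output length would overflow int */
    }
    return update_len_unguarded(buf_len, bl, inl, outl);
}

/* Caller-side check for unpatched builds: a "successful" update whose
 * reported length is negative, or larger than the input plus one block,
 * must be treated as a failure rather than used to index a buffer. */
static bool output_len_plausible(int ret, int outl, int inl, int bl)
{
    return ret == 1 && outl >= 0 && (long)outl <= (long)inl + bl;
}
```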

The LibreSSL 3.2.4 package has also been released; within it the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because some applications that carry workarounds for bugs in the old code were broken by the new one. Among the new features, the addition of exporter and autochain support to the TLSv1.3 implementation stands out.

In addition, a new release of the compact cryptographic library wolfSSL 4.7.0 has been published. It is optimized for use on embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version adds support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure that builds are reproducible. The SSL_get_verify_mode API, the X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the OpenSSL compatibility layer. WOLFSSL_PSK_IDENTITY_ALERT has been added. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru
