Ability to generate fictitious ECDSA signatures in Java SE. Vulnerabilities in MySQL, VirtualBox and Solaris

Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The April update fixed a total of 520 vulnerabilities.

Some of the issues:

  • 6 security issues in Java SE. All of the issues can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. Two issues have been assigned a severity level of 7.5. The issues are fixed in the Java SE 18.0.1, 11.0.15 and 8u331 releases.

    One of the issues (CVE-2022-21449) makes it possible to produce a fictitious ECDSA digital signature by using zero-valued parameters when generating it (if the parameters are zero, the curve goes to infinity, which is why zero values are explicitly prohibited by the specification). The Java libraries did not check the ECDSA parameters for zero values, so when processing signatures with zero parameters, Java considered them valid in all cases.

    Among other things, the issue can be used to produce fictitious TLS certificates that Java will accept as correct, as well as to bypass authentication via WebAuthn and to produce fictitious JWT signatures and OIDC tokens. In other words, the vulnerability lets you produce universal certificates and signatures that will be accepted and recognized as correct by Java code that uses the java.security.* classes for verification. The issue appears in the Java 15, 16, 17 and 18 branches. An example of generating fake certificates is available.

        jshell> import java.security.*
        jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair()
        keys ==> java.security.KeyPair@626b2d4a
        jshell> var blankSignature = new byte[64]
        blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … , 0, 0, 0, 0, 0, 0, 0, 0 }
        jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format")
        sig ==> Signature object: SHA256WithECDSAInP1363Format
        jshell> sig.initVerify(keys.getPublic())
        jshell> sig.update("Talofa, Lalolagi".getBytes())
        jshell> sig.verify(blankSignature)
        $8 ==> true

  • 26 vulnerabilities in MySQL server, two of which can be exploited remotely. The most severe issues, which are related to the use of OpenSSL and protobuf, have been assigned a severity level of 7.5. Less severe vulnerabilities affect the optimizer, InnoDB, replication, the PAM plugin, DDL, DML, FTS and logging. The issues are fixed in the MySQL Community Server 8.0.29 and 5.7.38 releases.
  • 5 vulnerabilities in VirtualBox. The issues have been assigned severity levels from 7.5 to 3.8 (the most dangerous issue appears on the Windows platform). The issues are fixed in the VirtualBox 6.1.34 update.
  • 6 vulnerabilities in Solaris. The issues affect the kernel and utilities. The most severe issue, in the utilities, has been assigned a severity level of 8.2. The issues are fixed in the Solaris 11.4 SRU44 update.

Source: opennet.ru
