Vanotsvakurudza kubva kuYunivhesiti. Masaryk
Mapurojekiti anozivikanwa kwazvo anokanganiswa neyakarongwa nzira yekurwisa ndeye OpenJDK/OracleJDK (CVE-2019-2894) uye raibhurari.
Dambudziko rakatogadziriswa mukuburitswa kwe libgcrypt 1.8.5 uye wolfCrypt 4.1.0, mapurojekiti akasara haasati agadzira zvigadziriso. Iwe unogona kuteedzera gadziriso yekusagadzikana mune libgcrypt package mukugovera pamapeji aya:
Vulnerabilities
libkcapi kubva kuLinux kernel, Sodium uye GnuTLS.
Dambudziko rinokonzerwa nekugona kuona kukosha kwemabhiti ega panguva yekuwedzera kwe scalar mu elliptic curve mashandiro. Nzira dzisina kunanga, dzakadai sekufungidzira kunonoka kwekombuta, dzinoshandiswa kuburitsa ruzivo rushoma. Kurwiswa kunoda kusawana mukana kune muenzi panogadzirwa siginecha yedhijitari (kwete
Pasinei nehukuru husina kukosha hwekuvuza, kune ECDSA kuonekwa kwediki diki neruzivo nezve yekutanga vector (nonce) inokwana kuita kurwisa kudzoreredza kudzoreredza kiyi yese yakavanzika. Zvinoenderana nevanyori veiyo nzira, kuti ubudirire kudzoreredza kiyi, kuongororwa kwemazana akati wandei kusvika kune akati wandei ezviuru edhijitari masiginecha akagadzirwa kune mameseji anozivikanwa kune anorwisa anokwana. Semuyenzaniso, zviuru gumi nerimwe zvemasignature edhijitari akaongororwa pachishandiswa secp90r256 elliptic curve kuona kiyi yakavanzika inoshandiswa paAthena IDProtect smart kadhi yakavakirwa paInside Secure AT1SC chip. Nguva yese yekurwisa yaive maminitsi makumi matatu.
Source: opennet.ru