OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 updates

A maintenance release of the OpenSSL cryptographic library, 1.1.1j, is available. It fixes two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function, which can crash applications that call this function to process X509 certificates with an invalid value in the issuer field.
  • CVE-2021-23840 is an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions, which can result in a return value of 1, indicating success, while the size is set to a negative value; this can cause applications to crash or disrupt their normal behaviour.
  • CVE-2021-23839 is a flaw in the implementation of protection against rollback to the SSLv2 protocol. It appears only in the old 1.0.2 branch.
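
A caller-side guard for the condition in the CVE-2021-23840 item, as an added example that is not OpenSSL's code or part of the original article. The `checked_update` wrapper, the `update_fn` type, the result codes and the stubs are hypothetical names, and the stubs are constructed stand-ins so the block builds without OpenSSL. Per the OpenSSL advisory, the overflow arises when the input length is close to the maximum value of an int.

```c
#include <limits.h>
#include <stddef.h>

/* Shape of EVP_EncryptUpdate/EVP_DecryptUpdate/EVP_CipherUpdate, with the
 * context as void* so the example builds without OpenSSL headers; call the
 * real function from a small adapter with this signature. */
typedef int (*update_fn)(void *ctx, unsigned char *out, int *outl,
                         const unsigned char *in, int inl);

enum { UPD_OK = 0, UPD_BAD_INPUT = -1, UPD_FAILED = -2, UPD_BAD_OUTLEN = -3 };

/* Hypothetical wrapper: checks lengths before and after the update call. */
int checked_update(update_fn fn, void *ctx, unsigned char *out, size_t out_cap,
                   int *outl, const unsigned char *in, int inl, int block_size)
{
    if (inl < 0 || block_size < 1 || inl > INT_MAX - block_size)
        return UPD_BAD_INPUT;   /* inl + block_size would not fit in an int */
    if (out_cap < (size_t)inl + (size_t)block_size)
        return UPD_BAD_INPUT;   /* worst-case output would not fit in out */
    *outl = 0;
    if (fn(ctx, out, outl, in, inl) != 1)
        return UPD_FAILED;
    if (*outl < 0 || *outl > inl + block_size)
        return UPD_BAD_OUTLEN;  /* "success" with an impossible size */
    return UPD_OK;
}

/* Constructed stand-ins (not OpenSSL code): one well behaved, one that
 * reports success with a negative size, the symptom of CVE-2021-23840. */
static int stub_ok(void *c, unsigned char *o, int *ol,
                   const unsigned char *i, int il)
{ (void)c; (void)o; (void)i; *ol = il; return 1; }

static int stub_bad_len(void *c, unsigned char *o, int *ol,
                        const unsigned char *i, int il)
{ (void)c; (void)o; (void)i; (void)il; *ol = -16; return 1; }

/* Runs one constructed case: 0 = normal, 1 = bad size, 2 = huge input. */
int run_case(int which)
{
    unsigned char in[32] = {0}, out[64];
    int outl = 0;
    if (which == 2)   /* rejected before the stub is ever called */
        return checked_update(stub_ok, NULL, out, sizeof out,
                              &outl, in, INT_MAX - 8, 16);
    return checked_update(which ? stub_bad_len : stub_ok, NULL, out,
                          sizeof out, &outl, in, 32, 16);
}
```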

The LibreSSL 3.2.4 package has also been released; within it the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because of breakage in some applications that carry bindings working around bugs in the old code. Among the new features, the addition of exporter and autochain implementations to TLSv1.3 stands out.

In addition, there is a new release of the compact cryptographic library wolfSSL 4.7.0, optimized for use on embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version includes support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode API, the X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the layer for compatibility with OpenSSL. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru
