strongSwan IPsec remote code execution vulnerability

strongSwan 5.9.10 is now available. It is a free package for building VPN connections based on the IPsec protocol, used on Linux, Android, FreeBSD and macOS. The new version fixes a dangerous vulnerability (CVE-2023-26463) that can be used to bypass authentication and could also lead to execution of attacker code on the server or client side. The problem occurs when specially crafted certificates are verified in the TLS-based EAP (Extensible Authentication Protocol) authentication methods.

The vulnerability is caused by the TLS handler incorrectly accepting public keys from a peer's certificate, treating them as trusted even when the certificate cannot be successfully verified. Specifically, when the tls_find_public_key() function is called, a selection based on the public key type is used to determine which certificates are trusted. The problem is that the variable used to determine the key type for the lookup is set in any case, even if the certificate is not trusted.

Moreover, by manipulating the key, it is possible to decrement the reference counter (if the certificate is not trusted, the reference to the object is released after the key type is determined) and free the memory of an object that is still in use with the key. This flaw does not rule out the creation of exploits that leak information from memory and execute custom code.
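A simplified model of the flaw described in the two paragraphs above, added here as an illustration; it is not strongSwan's code. All names (`pubkey_t`, `cert_t`, `find_key_flawed`, `find_key_fixed`, `peer_accepted`) are hypothetical, and freeing is modelled by a flag so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model: a ref-counted public key; the certificate owns one ref. */
typedef struct { int type; int refs; bool freed; } pubkey_t;
typedef struct { pubkey_t *key; bool trusted; } cert_t;
typedef pubkey_t *(*finder_t)(const cert_t *);

static pubkey_t *key_get(pubkey_t *k) { k->refs++; return k; }
/* "Freeing" only sets a flag, so no real use-after-free happens here. */
static void key_put(pubkey_t *k) { if (--k->refs == 0) k->freed = true; }

/* Stand-in for the trust lookup: yields a new reference only if trusted. */
static bool trusted_lookup(const cert_t *c, int type, pubkey_t **out)
{
    if (!c->trusted || c->key->type != type) return false;
    *out = key_get(c->key);
    return true;
}

/* Flawed pattern: the result variable doubles as the key-type probe. */
pubkey_t *find_key_flawed(const cert_t *c)
{
    pubkey_t *pub = key_get(c->key);      /* reference taken to read the type */
    int type = pub->type;
    key_put(pub);                         /* released, but pub is not reset */
    (void)trusted_lookup(c, type, &pub);  /* on failure pub stays as it was */
    return pub;                           /* untrusted cert: stale non-NULL key */
}

/* Hardened pattern: separate probe variable; the result starts as NULL. */
pubkey_t *find_key_fixed(const cert_t *c)
{
    pubkey_t *pub = NULL, *probe = key_get(c->key);
    int type = probe->type;
    key_put(probe);
    return trusted_lookup(c, type, &pub) ? pub : NULL;
}

/* Caller: accepts the peer if a key came back, then drops "its" reference. */
bool peer_accepted(finder_t find, const cert_t *c)
{
    pubkey_t *k = find(c);
    if (!k) return false;
    key_put(k);  /* after the flawed finder this drops the certificate's ref */
    return true;
}

int main(void) { pubkey_t k = {1, 1, false}; cert_t c = {&k, false}; return peer_accepted(find_key_fixed, &c); }
```

With the flawed finder an untrusted certificate is both accepted and has its key released while the certificate still points at it; the hardened finder returns NULL and leaves the reference count unchanged.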

An attack on the server is carried out by the client sending a self-signed certificate for client authentication using the EAP-TLS, EAP-TTLS, EAP-PEAP and EAP-TNC methods. An attack on the client can be carried out by the server returning a specially crafted certificate. The vulnerability appears in strongSwan releases 5.9.8 and 5.9.9. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.

Source: opennet.ru
