OpenSSL 1.1.1k update fixes two dangerous vulnerabilities

A maintenance release of the OpenSSL cryptographic library, version 1.1.1k, is available. It fixes two vulnerabilities that have been assigned a high severity level:

  • CVE-2021-3450 - Verification of a certification authority certificate can be bypassed when the X509_V_FLAG_X509_STRICT flag is enabled. The flag is disabled by default and is used to check for the presence of certificates in the chain. The problem was introduced in OpenSSL 1.1.1h with the implementation of a new check that prohibits certificates in the chain that explicitly encode elliptic curve parameters.

    Because of an error in the code, the new check overwrote the result of the earlier check of the validity of the certification authority certificate. As a result, certificates certified by a self-signed certificate, one not linked to a certification authority by a chain of trust, were treated as fully trusted. The vulnerability does not appear if the "purpose" parameter is set, which is the default in the client and server certificate verification procedures in libssl (used for TLS).

  • CVE-2021-3449 - A TLS server can be made to crash by a client sending a specially crafted ClientHello message. The issue is related to a NULL pointer dereference in the implementation of the signature_algorithms extension. The issue occurs on servers that support TLSv1.2 and enable connection renegotiation (enabled by default).
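
The result-overwrite pattern described for CVE-2021-3450, as an added example: this is a simplified model written for this page, not OpenSSL's code. The `issuer` structure, both function names and the way the "purpose" check is modelled (as a second test of CA status) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of an issuer certificate; not an OpenSSL structure. */
struct issuer {
    bool valid_ca;           /* passes the CA certificate validity check */
    bool explicit_ec_params; /* encodes elliptic curve parameters explicitly */
};

/* Flawed pattern: the strict-mode check assigns to the same result variable,
 * so passing it erases an earlier CA-check failure. */
int verify_flawed(const struct issuer *c, bool strict, bool purpose_set)
{
    int ok = c->valid_ca;              /* earlier CA validity check */
    if (strict)
        ok = !c->explicit_ec_params;   /* bug: overwrites the result above */
    if (ok && purpose_set && !c->valid_ca)
        ok = 0;                        /* assumed: purpose check re-tests CA status */
    return ok;
}

/* Corrected pattern: a later check may only turn success into failure. */
int verify_fixed(const struct issuer *c, bool strict, bool purpose_set)
{
    int ok = c->valid_ca;
    if (ok && strict && c->explicit_ec_params)
        ok = 0;
    if (ok && purpose_set && !c->valid_ca)
        ok = 0;
    return ok;
}

int main(void)
{
    /* Constructed input: an issuer that is not a valid CA, with a named curve. */
    const struct issuer not_a_ca = { false, false };

    for (int strict = 0; strict <= 1; strict++)
        for (int purpose = 0; purpose <= 1; purpose++)
            printf("strict=%d purpose=%d flawed=%d fixed=%d\n", strict, purpose,
                   verify_flawed(&not_a_ca, strict, purpose),
                   verify_fixed(&not_a_ca, strict, purpose));
    return 0;
}
```

Only the strict-mode, no-purpose combination makes the flawed version accept the invalid issuer, which matches the conditions the advisory text gives for exposure.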

Source: opennet.ru
