Corrective releases of the OpenSSL cryptographic library, version 1.1.1j, are now available, fixing two vulnerabilities:
- CVE-2021-23841 - A NULL pointer dereference in the X509_issuer_and_serial_hash() function may crash applications that call this function to process X509 certificates with an invalid value in the issuer field.
- CVE-2021-23840 - An integer overflow in the EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate functions can result in a return value of 1, indicating success, together with a negative length value, which may cause applications to crash or behave incorrectly.
- CVE-2021-23839 - A flaw in the implementation of rollback protection for the SSLv2 protocol. It affects only the legacy 1.0.2 branch.
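The CVE-2021-23840 entry above describes a success return paired with a negative output length. The following C sketch is an added illustration written for this page and is not OpenSSL's code: the function names (update_len_unchecked, update_len_checked, update_result_ok, run_update), the struct, and the buffered/inl lengths are assumed, and the arithmetic only models the shape of the bug rather than the library's internals. It places the unchecked length addition beside its range-checked form and adds the caller-side check a defender can apply to any EVP_*Update call, whatever library version is linked.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Schematic model of the length bookkeeping in an EVP_*Update-style call.
 * Added illustration, not OpenSSL's code: 'buffered' stands for bytes already
 * held back in the cipher context, 'inl' for the length of the new input
 * chunk, and *outl receives the number of bytes the call reports as written.
 * A return value of 1 means success and 0 means failure, following the EVP
 * API convention.
 */

struct update_result {
    int ret;   /* 1 = success, 0 = failure */
    int outl;  /* reported output length */
};

/* Vulnerable shape: the lengths are added without a range check. The sum is
 * computed in unsigned arithmetic and converted back to int so that the
 * two's-complement wrap is reproduced deterministically here; the visible
 * effect is the one described for CVE-2021-23840: ret == 1 with *outl < 0. */
int update_len_unchecked(int buffered, int inl, int *outl)
{
    if (inl < 0 || buffered < 0)
        return 0;
    *outl = (int)((unsigned int)buffered + (unsigned int)inl);
    return 1;
}

/* Hardened shape: reject input whose total length is not representable, so
 * a success return is never paired with a negative length. */
int update_len_checked(int buffered, int inl, int *outl)
{
    if (inl < 0 || buffered < 0)
        return 0;
    if (inl > INT_MAX - buffered) {   /* check before adding, never after */
        *outl = 0;
        return 0;
    }
    *outl = buffered + inl;
    return 1;
}

/* Caller-side check that applies to any EVP_*Update call regardless of the
 * library version: a success return with a negative length is a failure. */
int update_result_ok(int ret, int outl)
{
    return ret == 1 && outl >= 0;
}

/* Runs one of the two variants and packages both outputs for inspection. */
struct update_result run_update(int (*fn)(int, int, int *), int buffered, int inl)
{
    struct update_result r = { 0, 0 };
    r.ret = fn(buffered, inl, &r.outl);
    return r;
}

int main(void)
{
    /* Constructed input: 16 buffered bytes plus a chunk 8 bytes short of INT_MAX. */
    struct update_result bad = run_update(update_len_unchecked, 16, INT_MAX - 8);
    struct update_result good = run_update(update_len_checked, 16, INT_MAX - 8);

    printf("unchecked: ret=%d outl=%d caller_ok=%d\n",
           bad.ret, bad.outl, update_result_ok(bad.ret, bad.outl));
    printf("checked:   ret=%d outl=%d caller_ok=%d\n",
           good.ret, good.outl, update_result_ok(good.ret, good.outl));
    return 0;
}
```

The sketch has no OpenSSL dependency and compiles with any C compiler. The point for application code is the last function: checking only `ret == 1` after an EVP_*Update call is not enough on an unpatched library, so the output length should be validated as well before it is used for buffer arithmetic.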
LibreSSL 3.2.4 has also been released; it is the OpenBSD project's fork of OpenSSL, aimed at providing a higher level of security. This release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because some applications relied on bindings to work around bugs in the old code. Among the new features, the addition of TLSv1.3 support to the exporter and automatic components stands out.
In addition, a new release of the compact wolfSSL 4.7.0 cryptographic library has been published. It is optimized for use in embedded devices with limited processor and memory resources, such as IoT devices, smart home systems, in-vehicle infotainment systems, routers, and mobile phones. The code is written in C and distributed under the GPLv2 license.
The new version implements support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode, X509_VERIFY_PARAM, and X509_STORE_CTX APIs have been added to the OpenSSL compatibility layer. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.
Source: opennet.ru
