OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 updates

A maintenance release of the OpenSSL cryptographic library, 1.1.1j, is available, fixing two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function, which can crash applications that call this function to process X509 certificates with an invalid value in the issuer field.
  • CVE-2021-23840 is an integer overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions, which can cause them to return 1, indicating a successful operation, while setting the output size to a negative value; this can make applications crash or disrupt their normal behaviour.
  • CVE-2021-23839 is a flaw in the implementation of rollback protection for use of the SSLv2 protocol. It appears only in the old 1.0.2 branch.
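A caller-side guard for the CVE-2021-23840 symptom described above (a return value of 1 together with a negative size), as an added example that is neither OpenSSL code nor part of the original article. `update_fn`, `checked_update`, the `UPD_*` codes and the two stubs are hypothetical names, and the worst-case output size of input length plus one block is an assumption.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical stand-in for the call shape of EVP_EncryptUpdate and
   EVP_DecryptUpdate: returns 1 on success, byte count goes to *outl. */
typedef int (*update_fn)(void *ctx, unsigned char *out, int *outl,
                         const unsigned char *in, int inl);

enum { UPD_OK = 0, UPD_BAD_INPUT = -1, UPD_WOULD_OVERFLOW = -2,
       UPD_SMALL_BUFFER = -3, UPD_FAILED = -4, UPD_BAD_OUTLEN = -5 };

/* Validate lengths before the call and the reported size after it. */
int checked_update(update_fn fn, void *ctx, int block_size,
                   unsigned char *out, size_t out_cap, size_t *written,
                   const unsigned char *in, size_t in_len)
{
    int outl = 0;
    if (!fn || !out || !written || !in || block_size < 1)
        return UPD_BAD_INPUT;
    /* in_len + block_size must fit in int, the type the API uses. */
    if (in_len > (size_t)(INT_MAX - block_size))
        return UPD_WOULD_OVERFLOW;
    /* Assumed worst case: the input plus one buffered block. */
    if (out_cap < in_len + (size_t)block_size)
        return UPD_SMALL_BUFFER;
    if (fn(ctx, out, &outl, in, (int)in_len) != 1)
        return UPD_FAILED;
    /* A return of 1 is not enough: the size must be sane too. */
    if (outl < 0 || (size_t)outl > out_cap)
        return UPD_BAD_OUTLEN;
    *written = (size_t)outl;
    return UPD_OK;
}

/* Constructed stubs for the demonstration, not library code. */
int stub_good(void *c, unsigned char *o, int *ol, const unsigned char *i, int il)
{ (void)c; for (int k = 0; k < il; k++) o[k] = i[k] ^ 0x5a; *ol = il; return 1; }
/* Reports success with a negative size, the symptom described above. */
int stub_negative(void *c, unsigned char *o, int *ol, const unsigned char *i, int il)
{ (void)c; (void)o; (void)i; (void)il; *ol = -16; return 1; }

int main(void)
{
    unsigned char in[32] = {0}, out[48];
    size_t n = 0;
    int ok = checked_update(stub_good, NULL, 16, out, sizeof out, &n, in, sizeof in);
    int bad = checked_update(stub_negative, NULL, 16, out, sizeof out, &n, in, sizeof in);
    return (ok == UPD_OK && n == 32 && bad == UPD_BAD_OUTLEN) ? 0 : 1;
}
```

In a real caller the function pointer would be replaced by a direct call to the library's update function on an initialised cipher context.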

The LibreSSL 3.2.4 package release has also been published; within it the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because some applications that carry bindings to work around bugs in the old code stopped working. Among the new features, the addition of implementations of the exporter and autochain components to TLSv1.3 stands out.

In addition, there is a new release of the compact wolfSSL 4.7.0 library, optimized for use on embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version includes support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode API, X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the layer that provides compatibility with OpenSSL. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru
