OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 updates

A maintenance release of the OpenSSL cryptographic library, 1.1.1j, is available. It fixes two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function. It can crash applications that call this function to process X509 certificates with an invalid value in the issuer field.
  • CVE-2021-23840 is an integer overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. The call can return 1, indicating success, while setting the output size to a negative value, which can cause applications to crash or behave incorrectly.
  • CVE-2021-23839 is a flaw in the implementation of rollback protection for use of the SSLv2 protocol. It appears only in the old 1.0.2 branch.
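A caller-side guard against the CVE-2021-23840 symptom described above, as an added example that is not code from OpenSSL or from the original article. The wrapper name `guarded_update`, the result codes and the two stand-in update functions are hypothetical and constructed for the demonstration; the context is passed as `void *` so the block builds without OpenSSL headers.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same argument shape as EVP_CipherUpdate/EVP_EncryptUpdate/EVP_DecryptUpdate;
 * the context is void* so the example builds without OpenSSL headers. */
typedef int (*update_fn)(void *ctx, unsigned char *out, int *outl,
                         const unsigned char *in, int inl);

enum guard { GUARD_OK, GUARD_INPUT_TOO_LARGE, GUARD_BUFFER_TOO_SMALL,
             GUARD_CALL_FAILED, GUARD_BAD_OUTLEN };

/* Hypothetical wrapper: a return value of 1 is never trusted on its own. */
enum guard guarded_update(update_fn fn, void *ctx, unsigned char *out,
                          size_t out_cap, int *outl, const unsigned char *in,
                          size_t in_len, int block_size)
{
    *outl = 0;
    /* Output may reach in_len + block_size; refuse if that exceeds INT_MAX. */
    if (block_size < 0 || in_len > (size_t)(INT_MAX - block_size))
        return GUARD_INPUT_TOO_LARGE;
    /* The output buffer must hold the worst-case length before the call. */
    if (in_len + (size_t)block_size > out_cap)
        return GUARD_BUFFER_TOO_SMALL;
    if (fn(ctx, out, outl, in, (int)in_len) != 1)
        return GUARD_CALL_FAILED;
    /* CVE-2021-23840 symptom: success reported with a negative length. */
    if (*outl < 0 || (size_t)*outl > out_cap) {
        *outl = 0;
        return GUARD_BAD_OUTLEN;
    }
    return GUARD_OK;
}

/* Constructed stand-ins for the library call (not OpenSSL code). */
int fake_ok(void *c, unsigned char *o, int *ol, const unsigned char *i, int il)
{ (void)c; memcpy(o, i, (size_t)il); *ol = il; return 1; }
int fake_negative(void *c, unsigned char *o, int *ol, const unsigned char *i, int il)
{ (void)c; (void)o; (void)i; (void)il; *ol = -16; return 1; }

int main(void)
{
    unsigned char in[32] = {0}, out[48];
    int n;
    printf("ok=%d\n", guarded_update(fake_ok, NULL, out, sizeof out, &n, in, sizeof in, 16));
    printf("neg=%d\n", guarded_update(fake_negative, NULL, out, sizeof out, &n, in, sizeof in, 16));
    return 0;
}
```

In real code the function pointer would be one of the three EVP update calls and `block_size` would come from the cipher in use.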

The LibreSSL 3.2.4 package has also been released. In LibreSSL, the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because of breakage in some applications that have bindings to work around bugs in the old code. Among the new features, the addition of implementations of the exporter and autochain components to TLSv1.3 stands out.

In addition, there is a new release of the compact cryptographic library wolfSSL, 4.7.0, which is optimized for embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version includes support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode API, the X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the layer that provides compatibility with OpenSSL. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru
