OpenSSL 1.1.1k update fixes two dangerous vulnerabilities

A maintenance release of the OpenSSL cryptographic library, 1.1.1k, is available. It fixes two vulnerabilities rated as high severity:

  • CVE-2021-3450 - Certificate authority (CA) certificate verification can be bypassed when the X509_V_FLAG_X509_STRICT flag is enabled. The flag is disabled by default and is used to apply additional checks to the certificates in a chain. The problem was introduced in OpenSSL 1.1.1h with the implementation of a new strict check that rejects certificates in the chain that explicitly encode elliptic curve parameters.

    Because of an error in the code, the new check overwrote the result of the earlier check that confirms each issuing certificate in the chain is a valid CA certificate. As a result, certificates issued by a certificate that is not itself a CA, and therefore not linked by a chain of trust to a certificate authority, were treated as fully trusted. The vulnerability does not manifest if the "purpose" parameter is set, because every named purpose repeats the CA check; a purpose is set by default in the client and server certificate verification routines of libssl (used for TLS). An application is therefore affected only if it explicitly enables X509_V_FLAG_X509_STRICT and either sets no purpose or overrides the default one. Affected: 1.1.1h through 1.1.1j.

  • CVE-2021-3449 - A TLS server can be crashed by a client sending a specially crafted renegotiation ClientHello message. The problem is a NULL pointer dereference in the handling of the signature_algorithms extension: a TLSv1.2 renegotiation ClientHello that omits the signature_algorithms extension (which was present in the initial ClientHello) but includes a signature_algorithms_cert extension triggers the crash, a denial of service. Only servers that support TLSv1.2 and have renegotiation enabled (the default configuration) are affected. Affected: 1.1.1 through 1.1.1j.
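As an added example (not part of the original news item and not OpenSSL's own code), here is a small Python check that maps a reported OpenSSL version string, such as the one Python's standard ssl module exposes in ssl.OPENSSL_VERSION, to the two affected ranges above. The CVE identifiers and ranges come from the OpenSSL 1.1.1k advisory; the function names and the sample version strings are constructed for this example. Builds outside the 1.1.1 branch (including LibreSSL) are reported as out of scope rather than as fixed, since this advisory only covers 1.1.1.

```python
import re
import ssl

# Affected ranges from the OpenSSL 1.1.1k advisory, expressed as patch letters of the
# 1.1.1 branch. An empty letter means the base 1.1.1 release (no letter suffix).
AFFECTED = {
    "CVE-2021-3450": ("h", "j"),   # strict-flag CA bypass, introduced in 1.1.1h
    "CVE-2021-3449": ("", "j"),    # renegotiation ClientHello NULL dereference
}

# Matches the start of strings such as "OpenSSL 1.1.1k  25 Mar 2021".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_rank(letter: str) -> int:
    """Order patch letters: '' (base release) < 'a' < 'b' < ... < 'z'."""
    return 0 if letter == "" else ord(letter[0]) - ord("a") + 1


def parse_openssl_version(version_string: str):
    """Return (major, minor, fix, patch_letter), or None if this is not an OpenSSL version string."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def advisory_status(version_string: str) -> dict:
    """Map each CVE of the 1.1.1k advisory to True (affected), False (outside the affected
    range, e.g. fixed in 1.1.1k), or None (not an OpenSSL 1.1.1 build, advisory not applicable)."""
    parsed = parse_openssl_version(version_string)
    if parsed is None or parsed[:3] != (1, 1, 1):
        return {cve: None for cve in AFFECTED}
    rank = _letter_rank(parsed[3])
    return {
        cve: _letter_rank(low) <= rank <= _letter_rank(high)
        for cve, (low, high) in AFFECTED.items()
    }


def local_status() -> dict:
    """Status of the OpenSSL build linked into this Python interpreter's ssl module."""
    return advisory_status(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample strings in the format OpenSSL reports (version, then release date).
    for sample in ("OpenSSL 1.1.1k  25 Mar 2021", "OpenSSL 1.1.1j  16 Feb 2021",
                   "OpenSSL 1.1.1g  21 Apr 2020", "OpenSSL 1.0.2u  20 Dec 2019"):
        print(sample, advisory_status(sample))
    print("local:", ssl.OPENSSL_VERSION, local_status())
```

Note that a True result for CVE-2021-3450 means the library is in the affected range, not that a given application is exploitable: as described above, exploitation also requires the application to enable X509_V_FLAG_X509_STRICT and to run verification without a purpose, which is not the libssl default.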

Source: opennet.ru
