Abaphandi abavela kwiYunivesithi. Masaryk
Iiprojekthi ezaziwayo kakhulu ezichatshazelwa yindlela ecetywayo yokuhlaselwa yi-OpenJDK/OracleJDK (CVE-2019-2894) kunye nethala leencwadi.
Ingxaki sele ilungisiwe ekukhutshweni kwe-libgcrypt 1.8.5 kunye ne-wolfCrypt 4.1.0, iiprojekthi eziseleyo azikaveli ukuhlaziywa. Ungalandelela ulungiso lobuthathaka kwiphakheji ye-libgcrypt kunikezelo kula maphepha:
Ubuthathaka
libkcapi ukusuka kwiLinux kernel, iSodium kunye neGnuTLS.
Ingxaki ibangelwa kukukwazi ukumisela amaxabiso eebhithi zomntu ngamnye ngexesha lokuphindaphinda kwe-scalar kwimisebenzi ye-elliptic curve. Iindlela ezingathanga ngqo, ezinjengokuqikelela ukulibaziseka kokubala, zisetyenziselwa ukukhupha ulwazi oluncinci. Uhlaselo lufuna ufikelelo olungeyomfuneko kumamkeli apho utyikityo lwedijithali lwenziwa khona (hayi
Ngaphandle kobukhulu obungabalulekanga bokuvuza, kwi-ECDSA ukufunyanwa kwamasuntswana ambalwa ngolwazi malunga nevektha yokuqalisa (i-nonce) kwanele ukwenza uhlaselo lokubuyisela ngokulandelelana isitshixo sabucala siphela. Ngokwababhali bendlela, ukubuyisela ngempumelelo isitshixo, uhlalutyo lwamakhulu aliqela ukuya kwamawaka aliqela otyikityo lwedijithali oluveliswe kwimiyalezo eyaziwayo kumhlaseli lwanele. Ngokomzekelo, i-90 lamawaka esayinwe yedijithali yahlalutywa kusetyenziswa i-secp256r1 ijika eli-elliptic ukumisela isitshixo sangasese esisetyenziswe kwi-smart card ye-Athena IDProtect esekelwe kwi-Inside Secure AT11SC chip. Ixesha lokuhlaselwa lilonke laliyimizuzu engama-30.
umthombo: opennet.ru