OpenSSL 1.1.1j, wolfSSL 4.7.0 and LibreSSL 3.2.4 updates

A maintenance release of the OpenSSL cryptographic library, 1.1.1j, is available. It fixes two vulnerabilities:

  • CVE-2021-23841 is a NULL pointer dereference in the X509_issuer_and_serial_hash() function, which can crash applications that call this function to process X509 certificates with an invalid value in the issuer field.
  • CVE-2021-23840 is an integer overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. It can cause the call to return 1, indicating success, while setting the output size to a negative value, which can make applications crash or disrupt their normal behaviour.
  • CVE-2021-23839 is a flaw in the implementation of rollback protection for use of the SSLv2 protocol. It appears only in the old 1.0.2 branch.
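The failure mode described for CVE-2021-23840 (a return value of 1 together with a negative output length) can be illustrated with a simplified model of the length arithmetic. This is an added example, not OpenSSL's code: the function names are hypothetical, the model assumes an Update call emits every complete block formed from previously buffered bytes plus the new input, and the inputs are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Bytes an Update-style call emits: every complete block formed from
 * `buffered` bytes kept from the previous call plus `inl` new bytes.
 * Unchecked variant: the sum wraps once it passes INT_MAX (unsigned
 * arithmetic is used so the wrap is observable without undefined behaviour). */
int unchecked_outlen(int inl, int buffered, int block_size)
{
    int total = (int)((unsigned)buffered + (unsigned)inl);
    return total - (total % block_size);
}

/* Checked variant: returns 0 (failure) when the result cannot fit in an int,
 * otherwise stores the length in *outl and returns 1. */
int checked_update_outlen(int inl, int buffered, int block_size, int *outl)
{
    if (inl < 0 || block_size <= 0 || buffered < 0 || buffered >= block_size)
        return 0;
    if (inl > INT_MAX - buffered)   /* buffered + inl would overflow */
        return 0;
    int total = buffered + inl;
    *outl = total - (total % block_size);
    return 1;
}

/* Caller-side check after an Update call: a return of 1 counts as success
 * only if the reported length lies in [0, inl + block_size]. */
int update_result_is_sane(int ret, int outl, int inl, int block_size)
{
    if (ret != 1 || outl < 0 || inl < 0 || block_size <= 0)
        return 0;
    int bound = (inl > INT_MAX - block_size) ? INT_MAX : inl + block_size;
    return outl <= bound;
}

int main(void)
{
    int outl = 0;
    /* Constructed inputs: 1 byte already buffered, 16-byte block cipher. */
    int wrapped = unchecked_outlen(INT_MAX, 1, 16);
    printf("unchecked length: %d\n", wrapped);
    printf("checked call accepted: %d\n", checked_update_outlen(INT_MAX, 1, 16, &outl));
    printf("caller accepts result: %d\n", update_result_is_sane(1, wrapped, INT_MAX, 16));
    return 0;
}
```

Applications that cannot upgrade immediately can apply the same two guards around their own EVP calls: reject inputs whose length plus one block would exceed INT_MAX, and treat a negative output length as failure even when the call reports success.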

A release of the LibreSSL 3.2.4 package has also been published. In LibreSSL, the OpenBSD project develops a fork of OpenSSL aimed at providing a higher level of security. The release is notable for reverting to the old certificate verification code used in LibreSSL 3.1.x, because of breakage in some applications that carry workarounds tied to bugs in the old code. Among the new features, the addition of exporter and autochain implementations for TLSv1.3 stands out.

In addition, there is a new release of the compact cryptographic library wolfSSL 4.7.0, which is optimized for embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The new version includes support for RFC 5705 (Keying Material Exporters for TLS) and S/MIME (Secure/Multipurpose Internet Mail Extensions). The "--enable-reproducible-build" flag has been added to ensure reproducible builds. The SSL_get_verify_mode API, the X509_VERIFY_PARAM API and X509_STORE_CTX have been added to the layer that provides compatibility with OpenSSL. The WOLFSSL_PSK_IDENTITY_ALERT macro has been implemented. A new function, _CTX_NoTicketTLSv12, has been added to disable TLS 1.2 session tickets while keeping them for TLS 1.3.

Source: opennet.ru
