OpenSSL 1.1.1k update fixes two dangerous vulnerabilities

A maintenance release of the OpenSSL cryptographic library, 1.1.1k, is available. It fixes two vulnerabilities that have been assigned a high severity level:

  • CVE-2021-3450 - Verification of the certificate authority certificate can be bypassed when the X509_V_FLAG_X509_STRICT flag is enabled. The flag is disabled by default and is used to check for the presence of certificates in the chain. The problem was introduced in OpenSSL 1.1.1h with the implementation of a new check that prohibits certificates in the chain that explicitly encode elliptic curve parameters.

    Because of an error in the code, the new check overwrote the result of the previously performed check of the correctness of the certificate authority certificate. As a result, certificates certified by a self-signed certificate that is not linked by a chain of trust to a certificate authority were treated as fully trusted. The vulnerability does not manifest when the "purpose" parameter is set, which is the default in the client and server certificate verification procedures in libssl (used for TLS).

  • CVE-2021-3449 - A TLS server can be made to crash when a client sends a specially crafted ClientHello message. The problem is caused by a NULL pointer dereference in the implementation of the signature_algorithms extension. It manifests only on servers that support TLSv1.2 and have connection renegotiation enabled (enabled by default).
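
The logic error described for CVE-2021-3450, shown as a simplified model next to the corrected ordering. This is an added example, not OpenSSL source code: the struct, field and function names are hypothetical, and the purpose check is assumed to re-validate the CA role, which is why setting "purpose" masks the flaw.

```c
/* Simplified model of the CVE-2021-3450 logic error; not OpenSSL source.
 * All struct, field and function names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct cert { bool valid_ca; bool explicit_curve_params; };
struct opts { bool strict; bool purpose_set; };

/* Earlier check: may this certificate act as a CA? 1 = ok, 0 = reject. */
static int check_ca(const struct cert *c) { return c->valid_ca ? 1 : 0; }

/* Strict-mode check added later: reject explicitly encoded curve parameters. */
static int check_curve(const struct cert *c) { return c->explicit_curve_params ? 0 : 1; }

/* Purpose check: assumed in this model to re-validate the CA role. */
static int check_purpose(const struct cert *c) { return c->valid_ca ? 1 : 0; }

/* Flawed ordering: the strict check assigns unconditionally, so a failed
 * CA check (ok == 0) is replaced by the result of the curve check. */
int verify_issuer_flawed(const struct cert *c, const struct opts *o)
{
    int ok = check_ca(c);
    if (o->strict)
        ok = check_curve(c);
    if (ok && o->purpose_set)
        ok = check_purpose(c);
    return ok;
}

/* Corrected ordering: a later check runs only if every earlier one passed. */
int verify_issuer_fixed(const struct cert *c, const struct opts *o)
{
    int ok = check_ca(c);
    if (ok && o->strict)
        ok = check_curve(c);
    if (ok && o->purpose_set)
        ok = check_purpose(c);
    return ok;
}

int main(void)
{
    struct cert not_a_ca = { false, false };   /* constructed sample input */
    struct opts strict_only = { true, false }, strict_purpose = { true, true };
    printf("flawed, strict only:    %d\n", verify_issuer_flawed(&not_a_ca, &strict_only));
    printf("flawed, strict+purpose: %d\n", verify_issuer_flawed(&not_a_ca, &strict_purpose));
    printf("fixed,  strict only:    %d\n", verify_issuer_fixed(&not_a_ca, &strict_only));
    return 0;
}
```

In the model, the non-CA issuer is accepted only by the flawed ordering with strict mode on and no purpose set, which matches the conditions given above.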

Source: opennet.ru
