Vulnerability in OpenSSL and LibreSSL leading to a loop when processing malformed certificates

Corrective releases of the OpenSSL cryptographic library, 3.0.2 and 1.1.1n, are available. The update fixes a vulnerability (CVE-2022-0778) that can be used to cause a denial of service (an infinite loop in the handler). To exploit the vulnerability, it is enough for a specially crafted certificate to be processed. The problem occurs in both server and client applications that may process certificates supplied by a user.

The problem is caused by a bug in the BN_mod_sqrt() function, which leads to a loop when computing a square root modulo something other than a prime number. The function is used when parsing certificates with keys based on elliptic curves. Exploitation comes down to placing incorrect elliptic curve parameters in the certificate. Because the problem occurs before the certificate's digital signature is verified, the attack can be carried out by an unauthenticated user who is able to cause a client or server certificate to be sent to applications that use OpenSSL.
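The termination property at issue here, as an added example (not OpenSSL or LibreSSL code, and written in Python rather than the libraries' C): a Tonelli-Shanks modular square root in which every loop is bounded, so a non-prime modulus yields an error instead of a hang. The names `mod_sqrt` and `MAX_TRIES` are assumptions of this example.

```python
# Added illustration (not OpenSSL code): Tonelli-Shanks with bounded loops.
MAX_TRIES = 64  # assumed cap on the non-residue search

def mod_sqrt(a, p):
    """Return r with r*r % p == a % p, or raise ValueError.

    p should be an odd prime, but every loop is bounded, so the call
    terminates for any modulus, including a composite one.
    """
    if p < 3 or p % 2 == 0:
        raise ValueError("modulus must be odd and greater than 2")
    a %= p
    if a == 0:
        return 0
    # Write p - 1 = q * 2**e with q odd.
    q, e = p - 1, 0
    while q % 2 == 0:
        q //= 2
        e += 1
    # Bounded search for a quadratic non-residue (Euler's criterion).
    for cand in range(2, min(p, 2 + MAX_TRIES)):
        if pow(cand, (p - 1) // 2, p) == p - 1:
            break
    else:
        raise ValueError("no non-residue found; modulus is probably not prime")
    y = pow(cand, q, p)
    x = pow(a, (q + 1) // 2, p)
    b = pow(a, q, p)
    while b != 1:
        # Find the least i in [1, e) with b**(2**i) == 1. The range is the
        # bound: if no such i exists we stop instead of squaring forever.
        t = b
        for i in range(1, e):
            t = t * t % p
            if t == 1:
                break
        else:
            raise ValueError("not a square, or modulus is not prime")
        g = pow(y, 1 << (e - i - 1), p)
        x = x * g % p
        y = g * g % p
        b = b * y % p
        e = i  # strictly smaller each pass, so at most e passes in total
    if x * x % p != a:
        raise ValueError("result failed verification; modulus is not prime")
    return x
```

With a prime modulus the function returns a root for every quadratic residue; with a composite modulus it either returns a verified root or raises, and in both cases the outer loop runs at most `e` times.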

The vulnerability also affects the LibreSSL library developed by the OpenBSD project; the fix was offered in the corrective releases LibreSSL 3.3.6, 3.4.3 and 3.5.1. In addition, an analysis of the conditions for exploiting the vulnerability has been published (an example of a malicious certificate that causes the hang has not yet been made public).

Source: opennet.ru
