Abacwaningi baseNyuvesi. I-Masaryk
Amaphrojekthi aziwa kakhulu athintwa indlela yokuhlasela ehlongozwayo yi-OpenJDK/OracleJDK (CVE-2019-2894) kanye nomtapo wolwazi.
Inkinga isivele ilungisiwe ekukhishweni kwe-libgcrypt 1.8.5 kanye ne-wolfCrypt 4.1.0, amaphrojekthi asele awakakhiqizi izibuyekezo. Ungakwazi ukulandelela ukulungiswa kokuba sengozini kuphakheji ye-libgcrypt ekusatshalalisweni kulawa makhasi:
Ukuba sengozini
libkcapi kusuka ku-Linux kernel, i-Sodium ne-GnuTLS.
Inkinga ibangelwa ikhono lokunquma amanani amabhithi angawodwana ngesikhathi sokuphindaphinda kwe-scalar emisebenzini ye-elliptic curve. Izindlela ezingaqondile, njengokulinganisa ukubambezeleka kokubala, zisetshenziselwa ukukhipha ulwazi oluncane. Ukuhlasela kudinga ukufinyelela okungenanjongo kumsingathi lapho kukhiqizwa khona isiginesha yedijithali (hhayi
Naphezu kobukhulu obuncane bokuvuza, ku-ECDSA ukutholwa ngisho nezingcezu ezimbalwa ngolwazi mayelana nevektha yokuqalisa (nonce) kwanele ukwenza ukuhlasela ukuze kutholwe wonke ukhiye oyimfihlo ngokulandelana kwawo. Ngokusho kwababhali bendlela, ukubuyisela ngempumelelo ukhiye, ukuhlaziya amasignesha edijithali angamakhulu ambalwa kuya ezinkulungwaneni ezimbalwa ezenzelwe imilayezo eyaziwa umhlaseli kwanele. Isibonelo, amasiginesha edijithali ayizinkulungwane eziyi-90 ahlaziywa kusetshenziswa ijika eliyielliptic le-secp256r1 ukuze kutholwe ukhiye oyimfihlo osetshenziswe kukhadi elihlakaniphile le-Athena IDProtect elisuselwa ku-Inside Secure AT11SC chip. Isikhathi esiphelele sokuhlasela bekuyimizuzu engama-30.
Source: opennet.ru