I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > I-OpenSSL 1.1.1j, wolfSSL 4.7.0 kanye nesibuyekezo se-LibreSSL 3.2.4

I-OpenSSL 1.1.1j, wolfSSL 4.7.0 kanye nesibuyekezo se-LibreSSL 3.2.4

Ukukhishwa kokulungiswa komtapo wezincwadi we-OpenSSL cryptographic 1.1.1j kuyatholakala, okulungisa ubungozi obubili:

  • I-CVE-2021-23841 iyireferensi yesikhombi esingu-NULL kumsebenzi we-X509_issuer_and_serial_hash(), engaphahlaza izinhlelo zokusebenza ezibiza lo msebenzi ukuze zibambe izitifiketi ze-X509 ezinenani elingalungile kunkambu yokhiphayo.
  • I-CVE-2021-23840 iyinani elichichimayo kumsebenzi we-EVP_CipherUpdate, EVP_EncryptUpdate, kanye ne-EVP_DecryptUpdate okungaholela ekubuyiseleni inani elingu-1, okubonisa ukusebenza okuyimpumelelo, nokusetha usayizi kunani elibi, elingabangela izinhlelo zokusebenza ukuthi ziphahlazeke noma ziphazamise. ukuziphatha okuvamile.
  • I-CVE-2021-23839 iyiphutha ekusetshenzisweni kokuvikela ukubuyisela emuva ukusetshenziswa kwephrothokholi ye-SSLv2. Ivela kuphela egatsheni elidala 1.0.2.

Ukukhishwa kwephakheji ye-LibreSSL 3.2.4 nakho kushicilelwe, lapho iphrojekthi ye-OpenBSD ithuthukisa imfoloko ye-OpenSSL okuhloswe ngayo ukuhlinzeka ngezinga eliphezulu lokuphepha. Ukukhishwa kuphawuleka ngokubuyela kukhodi yokuqinisekisa yesitifiketi esidala esetshenziswe ku-LibreSSL 3.1.x ngenxa yekhefu kwezinye izinhlelo zokusebenza ezinesibopho sokusebenza eduze kweziphazamisi kukhodi endala. Phakathi kwezinto ezintsha, ukungezwa kokuqaliswa komthengisi kanye nezingxenye ze-autochain ku-TLSv1.3 kuyagqama.

Ngaphezu kwalokho, kube nokukhishwa okusha komtapo wezincwadi ohlangene we-cryptographic wolfSSL 4.7.0, olungiselelwe ukusetshenziswa kumadivayisi ashumekiwe anokucubungula okulinganiselwe nezisetshenziswa zenkumbulo, ezifana namadivayisi e-inthanethi Yezinto, amasistimu asekhaya ahlakaniphile, amasistimu olwazi lwezimoto, amarutha namaselula. . Ikhodi ibhalwe ngolimi C futhi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2.

Inguqulo entsha ihlanganisa ukusekelwa kwe-RFC 5705 (Keying Material Exporters for TLS) kanye ne-S/MIME (Secure/Multipurpose Internet Mail Extensions). Kwengezwe iflegi elithi "-nika amandla-ukwakha kabusha" ukuze kuqinisekiswe izakhiwo ezikhiqizekayo. I-SSL_get_verify_mode API, X509_VERIFY_PARAM API kanye ne-X509_STORE_CTX zengezwe kusendlalelo ukuze kuqinisekiswe ukuhambisana ne-OpenSSL. Kusetshenziswe amakhro WOLFSSL_PSK_IDENTITY_ALERT. Kwengezwe umsebenzi omusha _CTX_NoTicketTLSv12 ukuze ukhubaze amathikithi eseshini ye-TLS 1.2, kodwa uwalondolozele i-TLS 1.3.

Source: opennet.ru

Engeza amazwana