OpenSSL 1.1.1k update with fixes for two vulnerabilities

A corrective release of the OpenSSL cryptographic library, 1.1.1k, is available. It fixes two vulnerabilities that have been assigned a high severity level:

  • CVE-2021-3450 - Verification of a certificate authority certificate can be bypassed when the X509_V_FLAG_X509_STRICT flag is enabled. The flag is disabled by default and is used to check the presence of certificates in the chain. The problem was introduced in OpenSSL 1.1.1h by the implementation of a new check that forbids the use of certificates in the chain that explicitly encode elliptic curve parameters.

    Because of a bug in the code, the new check overrode the result of the earlier check of the validity of the certificate authority certificate. As a result, certificates certified by a self-signed certificate that is not linked by a chain of trust to a certificate authority were treated as fully trusted. The vulnerability does not appear when the "purpose" parameter is set, which is done by default in the client and server certificate verification procedures in libssl (used for TLS).

  • CVE-2021-3449 - A TLS server can be crashed by a client that sends a specially crafted ClientHello message. The problem is caused by a NULL pointer dereference in the implementation of the signature_algorithms extension. It occurs only on servers that support TLSv1.2 and allow connection renegotiation (enabled by default).
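The exposure conditions listed above can be turned into a triage check over an inventory of OpenSSL version banners. This is an added example, not code from the article or from the OpenSSL project; the function names, host labels and banners are constructed, and it assumes CVE-2021-3449 applies to every 1.1.1 release before 1.1.1k.

```python
import re

# Upstream 1.1.1 releases carry a letter suffix: 1.1.1 < 1.1.1a < ... < 1.1.1k.
# Distribution packages may backport fixes without changing the letter, so
# treat a hit as "check the vendor advisory", not as proof.
_VERSION_RE = re.compile(r"(?<![\d.])1\.1\.1([a-z]?)\b")
H, K = 8, 11  # 1.1.1h introduced the strict-mode check; 1.1.1k carries the fixes


def patch_level(version_string):
    """Return 0 for plain 1.1.1, 1 for 'a', ... or None if not a 1.1.1 build."""
    m = _VERSION_RE.search(version_string)
    if m is None:
        return None
    return ord(m.group(1)) - ord("a") + 1 if m.group(1) else 0


def triage(version_string, *, tls12_server, renegotiation=True,
           x509_strict=False, purpose_set=True):
    """List the CVEs from this article that the described deployment is exposed to.

    Keyword defaults mirror the defaults stated in the article.
    """
    level = patch_level(version_string)
    if level is None or level >= K:
        return []
    findings = []
    # CVE-2021-3450: 1.1.1h..1.1.1j, strict flag on, no verification purpose set.
    if level >= H and x509_strict and not purpose_set:
        findings.append("CVE-2021-3450")
    # CVE-2021-3449: TLSv1.2-capable server with renegotiation allowed.
    if tls12_server and renegotiation:
        findings.append("CVE-2021-3449")
    return findings


# Constructed inventory: (host label, version banner, deployment facts).
INVENTORY = [
    ("web-frontend", "OpenSSL 1.1.1j  16 Feb 2021", dict(tls12_server=True)),
    ("cert-checker", "OpenSSL 1.1.1h  22 Sep 2020",
     dict(tls12_server=False, x509_strict=True, purpose_set=False)),
    ("patched-api", "OpenSSL 1.1.1k  25 Mar 2021", dict(tls12_server=True)),
]

if __name__ == "__main__":
    for host, banner, facts in INVENTORY:
        print(host, triage(banner, **facts) or "not exposed per these conditions")
```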

Source: opennet.ru
