OpenSSL 3.0.1 update fixes a vulnerability

Corrective releases of the OpenSSL cryptographic library, 3.0.1 and 1.1.1m, are available. Version 3.0.1 fixes a vulnerability (CVE-2021-4044), and about a dozen bugs have been fixed in both releases.

The vulnerability is present in the SSL/TLS client implementation and stems from the libssl library mishandling the error codes returned by the X509_verify_cert() function, which is called to verify the certificate the server presents to the client. Invalid (negative) return codes are produced on internal errors, for example when memory cannot be allocated for a buffer. If such an error is returned, subsequent calls to I/O functions such as SSL_connect() and SSL_do_handshake() fail and report the error code SSL_ERROR_WANT_RETRY_VERIFY, which should only ever be returned if the application has previously called SSL_CTX_set_cert_verify_callback().

Since most applications never call SSL_CTX_set_cert_verify_callback(), an unexpected SSL_ERROR_WANT_RETRY_VERIFY can be misinterpreted and lead to a crash, an infinite loop, or some other incorrect response. The problem is especially dangerous in combination with a second bug in OpenSSL 3.0 that causes an internal error when X509_verify_cert() processes certificates that lack the "Subject Alternative Name" extension but are subject to usage constraints. In that case an attack can cause application-specific confusion in certificate handling and in TLS session establishment.
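As an added example (not code from the article or from OpenSSL), a defensive client handshake loop in C that refuses to spin on an SSL_get_error() result it has no way to act on, which is exactly the misinterpretation described above. The SSL_ERROR_* values are copied from OpenSSL 3.0's ssl.h, and the two step functions are constructed simulations of libssl behaviour rather than calls into the library.

```c
/* Added example: bounded, allow-listed handshake retry loop.
 * Constants mirror SSL_ERROR_* in OpenSSL 3.0's <openssl/ssl.h>;
 * the step functions below simulate libssl, they do not call it. */
#include <stddef.h>

#define SSL_ERROR_NONE               0
#define SSL_ERROR_SSL                1
#define SSL_ERROR_WANT_READ          2
#define SSL_ERROR_WANT_WRITE         3
#define SSL_ERROR_WANT_RETRY_VERIFY  12

enum hs_result { HS_OK = 0, HS_FATAL = -1, HS_GAVE_UP = -2 };

/* step() models one SSL_do_handshake() call followed by SSL_get_error(). */
typedef int (*hs_step_fn)(void *state);

/* Drive the handshake. Only codes the application can genuinely act on are
 * retried; every other code, including SSL_ERROR_WANT_RETRY_VERIFY when no
 * verify callback was installed (the CVE-2021-4044 symptom), aborts the
 * connection instead of being retried forever. */
enum hs_result run_handshake(hs_step_fn step, void *state,
                             int has_verify_cb, int max_retries)
{
    for (int attempt = 0; attempt < max_retries; attempt++) {
        int err = step(state);
        switch (err) {
        case SSL_ERROR_NONE:
            return HS_OK;
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
            continue;            /* wait for the socket, then call again */
        case SSL_ERROR_WANT_RETRY_VERIFY:
            if (has_verify_cb)
                continue;        /* our own callback asked to be re-run */
            return HS_FATAL;     /* impossible for us: treat as failed verify */
        default:
            return HS_FATAL;     /* SSL_ERROR_SSL, SYSCALL, ... */
        }
    }
    return HS_GAVE_UP;           /* retry budget exhausted */
}

/* Constructed: buggy 3.0.0 client after the internal X509_verify_cert()
 * error, reporting SSL_ERROR_WANT_RETRY_VERIFY on every call. */
static int buggy_step(void *state) { (void)state; return SSL_ERROR_WANT_RETRY_VERIFY; }

/* Constructed: healthy handshake, two WANT_READs and then success. */
static int healthy_step(void *s) { int *n = s; return (*n)++ < 2 ? SSL_ERROR_WANT_READ : SSL_ERROR_NONE; }
```

The retry budget matters even when a verify callback is installed, since a callback that keeps asking to be re-run would otherwise also loop forever.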

Source: opennet.ru
