A critical vulnerability (CVE-2022-3515) has been identified in the LibKSBA library, which is developed by the GnuPG project and provides functions for working with X.509 certificates. It leads to an integer overflow and to writing arbitrary data beyond the allocated buffer when parsing ASN.1 structures used in S/MIME, X.509 and CMS. The problem is aggravated by the fact that the Libksba library is used in the GnuPG package, and the vulnerability can lead to remote code execution by an attacker when GnuPG (gpgsm) processes encrypted or signed data from files or e-mail messages that use S/MIME. In the simplest case, to attack a victim who uses an e-mail client that supports GnuPG and S/MIME, it is enough to send a specially crafted message.
The vulnerability can also be used to attack dirmngr servers, which download and parse certificate revocation lists (CRLs) and verify the certificates used in TLS. An attack on dirmngr can be carried out from a web server controlled by the attacker, by returning specially crafted CRLs or certificates. It is noted that publicly available exploits for gpgsm and dirmngr have not yet been identified, but the vulnerability is of a typical kind and nothing prevents skilled attackers from preparing an exploit on their own.
The vulnerability is fixed in the Libksba 1.6.2 release and in the GnuPG 2.3.8 binary builds. In Linux distributions, the Libksba library is usually supplied as a separate dependency, while in the Windows builds it is built into the main installation package together with GnuPG. After updating, remember to restart the background processes with the command "gpgconf --kill all". To check for the problem, look in the output of the command "gpgconf --show-versions" for the line "KSBA ....", which must show a version of at least 1.6.2.
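The version check described above can be scripted for use across several hosts. The following is an added example, not code from the article or from the GnuPG project; it assumes the KSBA line has the form "* KSBA <version> (...)", and the sample output in it is constructed.

```shell
#!/bin/sh
# Added example (not from the article): check the KSBA line of
# `gpgconf --show-versions` against the fixed release, 1.6.2.
FIXED_KSBA="1.6.2"

# Read gpgconf output on stdin, print the KSBA version number.
# Assumption: the line has the form "* KSBA <version> (...)".
ksba_version() {
    sed -n 's/^[*[:space:]]*KSBA[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B (numeric per component,
# so 1.6.10 is correctly treated as newer than 1.6.2).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# Returns 0 = fixed, 1 = vulnerable, 2 = no KSBA line found.
check_ksba() {
    v=$(ksba_version)
    if [ -z "$v" ]; then echo "UNKNOWN: no KSBA line"; return 2; fi
    if version_ge "$v" "$FIXED_KSBA"; then echo "OK: KSBA $v"; return 0; fi
    echo "VULNERABLE: KSBA $v is older than $FIXED_KSBA (CVE-2022-3515)"
    return 1
}

# Constructed sample output for an unpatched host (not captured from a real system).
sample_output() {
    printf '%s\n' '* GnuPG 2.3.7 (constructed)' '' \
                  '* KSBA 1.6.0 (constructed)' ''
}

if [ "${1:-}" = "--live" ]; then
    gpgconf --show-versions | check_ksba   # check the real host
else
    sample_output | check_ksba || true     # offline demo on the sample
fi
```

Run it with `--live` on a host that has GnuPG installed; a result of 2 means the output should be inspected by hand.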
Distribution updates have not been released yet, but you can track their availability on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD. The vulnerability is also present in the MSI and AppImage packages with GnuPG VS-Desktop and in Gpg4win.
Source: opennet.ru