Ability to generate dummy ECDSA signatures in Java SE. Vulnerabilities in MySQL, VirtualBox and Solaris

Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The April update fixed a total of 520 vulnerabilities.

Some of the issues:

  • 6 security issues in Java SE. All of the vulnerabilities can be exploited remotely without authentication and affect environments that allow the execution of untrusted code. Two of the issues are assigned a severity level of 7.5. The vulnerabilities are fixed in the Java SE 18.0.1, 11.0.15 and 8u331 releases.

    One of the issues (CVE-2022-21449) makes it possible to generate a dummy ECDSA digital signature by using zero-valued curve parameters when generating it (if the parameters are zero, the curve goes to infinity, so zero values are explicitly forbidden by the specification). The Java libraries did not check for zero values of the ECDSA parameters, so when processing signatures with zero parameters, Java considered them valid in all cases.

    Among other things, the vulnerability can be used to generate forged TLS certificates that Java will accept as valid, as well as to bypass WebAuthn authentication and to generate forged JWT signatures and OIDC tokens. In other words, the vulnerability makes it possible to generate universal certificates and signatures that will be accepted and treated as valid by Java handlers that use the standard java.security.* classes for verification. The problem appears in Java branches 15, 16, 17 and 18. An example of generating forged certificates is available.

        jshell> import java.security.*
        jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair()
        keys ==> java.security.KeyPair@626b2d4a
        jshell> var blankSignature = new byte[64]
        blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … , 0, 0, 0, 0, 0, 0, 0, 0 }
        jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format")
        sig ==> Signature object: SHA256WithECDSAInP1363Format
        jshell> sig.initVerify(keys.getPublic())
        jshell> sig.update("Sawubona, Umhlaba".getBytes())
        jshell> sig.verify(blankSignature)
        $8 ==> true

  • 26 vulnerabilities in the MySQL server, two of which can be exploited remotely. The most severe issues, related to the use of OpenSSL and protobuf, are assigned a severity level of 7.5. Less severe vulnerabilities affect the optimizer, InnoDB, replication, the PAM plugin, DDL, DML, FTS and logging. The issues were fixed in the MySQL Community Server 8.0.29 and 5.7.38 releases.
  • 5 vulnerabilities in VirtualBox. The issues are assigned severity levels from 7.5 to 3.8 (the most dangerous vulnerability appears only on the Windows platform). The vulnerabilities are fixed in the VirtualBox 6.1.34 update.
  • 6 vulnerabilities in Solaris. The issues affect the kernel and utilities. The most serious issue in the utilities is assigned a severity level of 8.2. The vulnerabilities are fixed in the Solaris 11.4 SRU44 update.

Source: opennet.ru
