Zvinetso zvinogadzirwa nekupedzwa kweiyo DST Root CA X3 chitupa zvakatotanga

Nhasi isu tinogovana nhau pano pa blog pakugumiswa kweIdenTrust chitupa (DST Midzi CA X3) yakashandiswa kusaina Chitupa Chinyora CA chakakonzera matambudziko neRega Tinyorore chitupa sisitimu mumapurojekiti achishandisa vhezheni dzekare dzeOpenSSL neGnuTLS.

Idzo nyaya dzakabatawo raibhurari yeLibreSSL, avo vanogadzira havana kufunga nezve chiitiko chekare chine chekuita nenjodzi dzakazoitika mushure meAdrTrust midzi chitupa cheSectigo (Comodo) chitupa chemvumo chapera.

Uye ndizvo izvozvo muma OpenSSL vhezheni kusvika uye kusanganisira 1.0.2 uye muGnuTLS pamberi pa 3.6.14, kukanganisa kwakaitika kuti haina kubvumidza kugadziriswa kwechokwadi kwemasaiti akasainwa kana imwe yemidzi zvitupa zvakashandiswa kusaina yapera, kunyangwe zvimwe zvichibvumirwa zvakachengetwa.

 Musimboti wekukanganisa ndewekuti vhezheni dzapfuura dzeOpenSSL neGnuTLS dzakaburitsa chitupa seketani ine mutsetse, nepo zvichitaurwa neRFC 4158, chitupa chinogona kumiririra chati yakapihwa yakapihwa yakapihwa anchor anoverengeka anofanirwa kutarisirwa.

Nokuda kwayo chirongwa cheOpenBSD chakakurumidza kuburitsa zvigamba zvematavi 6.8 ne6.9 nhasi, iyo inogadzirisa nyaya muLibreSSL ine chitupa chakasainwa chitupa, imwe yemidzi zvitupa muketani yeketani yapera. Semhinduro kuchinetso, zvinokurudzirwa mu / etc / installurl, chinja kubva kuHTTPS kuenda kuHTTP (izvi hazvityisidzi chengetedzo, sekuvandudzwa kuri kuwedzera kusimbiswa nesiginicha yedhijitari) kana kusarudza imwe girazi (ftp.usa.openbsd.org , ftp.hostserver.de, cdn.openbsd .org).

Uyewo expired DST Root CA X3 chitupa chinogona kubviswa kubva ku /etc/ssl/cert.pem faira, uye iyo syspatch yekushandisa inoshandiswa kumisikidza binary system kugadzirisa yamira kushanda paOpenBSD.

Zvakafanana DragonFly BSD matambudziko anoitika kana uchishanda neDPorts. Pakutanga iyo pkg package maneja, chitupa chekusimbisa chikanganiso inogadzirwa. Iyo gadziriso yawedzerwa kumatavi makuru, DragonFly_RELEASE_6_0 uye DragonFly_RELEASE_5_8 nhasi. Sekushandira, iwe unogona kubvisa iyo DST Root CA X3 chitupa.

Kumwe kwekukundikana kwakaitika mushure mekunge chitupa cheIdenTrust chakanzurwa chaive chinotevera:

  • Iyo Ngatinyorore chitupa sisitimu yekuongorora yambovhiringidzwa mukushandisa zvichibva papuratifomu yeElectron. Iyi nyaya yakagadziriswa mune zvinyorwa 12.2.1, 13.5.1, 14.1.0, 15.1.0.
  • Kumwe kugovera kunonetsa kuwana mapakeji ekushandisa kana uchishandisa iyo APT package maneja inosanganisirwa neshanduro dzekare dzeGnuTLS raibhurari.
  • Debian 9 yakakanganiswa neye isina kunyorwa GnuTLS package, zvichikonzera matambudziko kuwana deb.debian.org kune vashandisi vasina kuisa zvigadziriso munguva (gadzirisa gnutls28-3.5.8-5 + deb9u6 yakakurudzirwa musi wa17 Gunyana).
  • Mutengi weacme akatyora OPNsense, nyaya yacho yakataurwa pamberi penguva, asi vanogadzira vakatadza kuburitsa chigamba nenguva.
  • Nyaya yacho yakabata OpenSSL 1.0.2k package paRHEL / CentOS 7, asi vhiki rapfuura yeRHEL 7 uye CentOS 7, inogadziridza kune ca-chitupa-2021.2.50-72.el7_9.noarch package yakagadzirwa, kubva Chitupa cheIdenTrust chakabviswa, ndiko kuti, kuratidzwa kwedambudziko kwakavharwa kare.
  • Sezvo izvo zvidzoreso zvakaburitswa kare, dambudziko neRega Encrypt chitupa ongororo chakabata chete vashandisi vekare RHEL / CentOS uye Ubuntu matavi, avo vasingaise zvigadziriso nguva dzose.
  • Chitupa sosi yekuongorora mu grpc yaputswa.
  • Yakundikana kugadzira Cloudflare peji chikuva.
  • Amazon Web Services (AWS) nyaya.
  • Vashandisi veDigitalOther vane dambudziko rekubatanidza kune dhatabhesi.
  • Netlify gore chikuva kutadza.
  • Zvinetso zvekuwana Xero services.
  • Kuedza kumisikidza kubatana kweTLS neMailGun Web API kwakundikana.
  • Bugs mune macOS uye iOS shanduro (11, 13, 14), izvo zvinofungidzirwa kuti zvaisafanira kunge zvakakanganiswa nedambudziko.
  • Catchpoint services kutadza.
  • Vakundikana kutarisa zvitupa kana uchiwana PostMan API.
  • Iyo Guardian Firewall yakadonha.
  • Kuvhiringidza paMonday.com peji rekutsigira.
  • Kupunzika papuratifomu yeCerb.
  • Hatigone kuongorora uptime muGoogle Cloud Monitoring.
  • Nyaya ine chitupa kusimbiswa paCisco Umbrella Yakachengeteka Webhu Gateway.
  • Matambudziko ekubatanidza kune Bluecoat uye Palo Alto proxies.
  • OVHcloud iri kunetseka kubatana neiyo OpenStack API.
  • Matambudziko ekugadzira mishumo muShopify.
  • Pane matambudziko ekuwana iyo Heroku API.
  • Tsaona muna Ledger Live Manager.
  • Chitupa chekusimbisa chikanganiso muFacebook application ekuvandudza maturusi.
  • Matambudziko muSophos SG UTM.
  • Matambudziko nechitupa ongororo muCPanel.

Seimwe mhinduro, zvinonzi zvinodzimwa chitupa «DST Midzi CA X3» kubva kuchitoro system (/etc/ca-certificates.conf uye / etc / ssl / certs) wobva wamhanya wekuraira "update-ca-certificates -f -v").

PaCentOS neRHEL, unogona kuwedzera chitupa che "DST Root CA X3" kune yakasvinwa.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako