{"id":242235,"date":"2022-07-06T11:50:13","date_gmt":"2022-07-06T13:50:13","guid":{"rendered":"https:\/\/teknomers.com\/fr\/openssl-publie-un-correctif-pour-un-bogue-de-haute-gravite-qui-pourrait-conduire-a-des-attaques-rce\/"},"modified":"2022-07-06T11:50:14","modified_gmt":"2022-07-06T13:50:14","slug":"openssl-publie-un-correctif-pour-un-bogue-de-haute-gravite-qui-pourrait-conduire-a-des-attaques-rce","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/openssl-publie-un-correctif-pour-un-bogue-de-haute-gravite-qui-pourrait-conduire-a-des-attaques-rce\/","title":{"rendered":"OpenSSL Releases Patch for High-Severity Bug That Could Lead to RCE Attacks"},
"content":{"rendered":"<div id=\"articlebody\">\n<p>The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios.<\/p>\n<p>The <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/openssl\/openssl\/issues\/18625\" target=\"_blank\">issue<\/a>, now assigned the identifier <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2274\" target=\"_blank\"><strong>CVE-2022-2274<\/strong><\/a>, has been described as a case of heap memory corruption with an RSA private key operation that was introduced in OpenSSL version 3.0.4, released on June 21, 2022.<\/p>\n<p>First released in 1998, OpenSSL is a general-purpose <a rel=\"nofollow noopener\" href=\"https:\/\/www.digicert.com\/kb\/ssl-support\/openssl-quick-reference-guide.htm\" target=\"_blank\">cryptography library<\/a> that offers an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, enabling users to generate private keys, create certificate signing requests (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_signing_request\" target=\"_blank\">CSR<\/a>), and install SSL\/TLS certificates.<\/p>\n<p>&#8220;SSL\/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue,&#8221; the advisory <a rel=\"nofollow noopener\" href=\"https:\/\/www.openssl.org\/news\/secadv\/20220705.txt\" target=\"_blank\">noted<\/a>.<\/p>\n<p>Calling it a &#8220;serious bug in the RSA implementation,&#8221; the maintainers said the flaw could lead to memory corruption during the computation that could be weaponized by an attacker to trigger remote code execution on the machine performing the computation.<\/p>\n<p>Xi Ruoyao, a Ph.D. student at Xidian University, has been credited with reporting the flaw to OpenSSL on June 22, 2022. Users of the library are recommended to upgrade to <a rel=\"nofollow noopener\" href=\"https:\/\/www.openssl.org\/news\/vulnerabilities.html\" target=\"_blank\">OpenSSL version 3.0.5<\/a> to mitigate any potential threats.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/07\/openssl-releases-patch-for-high.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with an RSA private key [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":242236,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8074,6813,4168,12272,32471,4158,4165,4161,133,11128,11685,4157,4159,4171,4170,4167,4160,4163,4162,28969,185,2102,2212,364,22778,4172,4169,4166,4164],"class_list":["post-242235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-attaques","tag-bogue","tag-comment-pirater","tag-conduire","tag-correctif","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-gravite","tag-haute","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-openssl","tag-pour","tag-pourrait","tag-publie","t
ag-qui","tag-rce","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/242235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=242235"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/242235\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/242236"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=242235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=242235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=242235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}