最近收到了服务器有漏洞的通知,提示:RHSA-2021:1145:nettle安全更新,主要影响是使用已被攻破或存在风险的密码学算法,接下来www.gui2000.com就为大家介绍一下nettle安全更新的解决方法,有需要的小伙伴可以参考一下:

1、漏洞提示:

RHSA-2021:1145: nettle 安全更新

2、漏洞描述:

漏洞编号 漏洞公告 漏洞描述
CVE-2021-20305

nettle_project nettle 使用已被攻破或存在风险的密码学算法

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

3、影响说明:

软件:nettle 2.7.1-8.el7
命中:nettle version less than 0:2.7.1-9.el7_9
路径:/usr/bin/nettle-hash

4、受影响软件情况:

5、解决方法:

yum update nettle

6、重启验证:

reboot

7、链接参考:

    (1)、https://bugzilla.redhat.com/show_bug.cgi?id=1942533


以上就是www.gui2000.com为大家介绍的关于screen安全更新的解决方法的全部内容了,希望对大家有所帮助,了解更多相关文章请关注www.gui2000.com网!