阿里云修复RHSA-2021:1145: nettle 安全更新

最近收到了服务器有漏洞的通知,提示:RHSA-2021:1145:nettle安全更新,主要影响是使用已被攻破或存在风险的密码学算法,接下来吾爱编程就为大家介绍一下nettle安全更新的解决方法,有需要的小伙伴可以参考一下:

RHSA-2021:1145: nettle 安全更新

1、漏洞提示:

RHSA-2021:1145: nettle 安全更新

2、漏洞描述:

漏洞编号 漏洞公告 漏洞描述
CVE-2021-20305

nettle_project nettle 使用已被攻破或存在风险的密码学算法

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

3、影响说明:

软件:nettle 2.7.1-8.el7
命中:nettle version less than 0:2.7.1-9.el7_9
路径:/usr/bin/nettle-hash

4、受影响软件情况:

RHSA-2021:1145: nettle 安全更新

5、解决方法:

此处内容已隐藏,需要  评论后刷新一下  才可以查看哦

6、重启验证:

reboot


本博客所有文章如无特别注明均为原创。作者:小乐复制或转载请以超链接形式注明转自 众众帮
原文地址《阿里云修复RHSA-2021:1145: nettle 安全更新
分享到:更多

相关推荐

发表评论

路人甲 表情
Ctrl+Enter快速提交

网友评论(0)