Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux 7 x86_64 SLSA-2016:2582-2 Moderate Nettle Security Update

Calendar Dec 14, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate bug fix cryptographic issue nettle scientific linux decryption flaw
Moderate: nettle security and bug fix update 
Date: Wed, 14 Dec 2016 18:08:46 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: nettle on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214180846.15410.63347@slpackages.fnal.gov>

Synopsis: Moderate: nettle security and bug fix update
Advisory ID: SLSA-2016:2582-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2015-8803
 CVE-2015-8804
 CVE-2015-8805
 CVE-2016-6489
--

Security Fix(es):

* Multiple flaws were found in the way nettle implemented elliptic curve
scalar multiplication. These flaws could potentially introduce
cryptographic weaknesses into nettle's functionality. (CVE-2015-8803,
CVE-2015-8804, CVE-2015-8805)

* It was found that nettle's RSA and DSA decryption code was vulnerable to
cache-related side channel attacks. An attacker could use this flaw to
recover the private key from a co-located virtual-machine instance.
(CVE-2016-6489)

Additional Changes:
--

SL7
 x86_64
 nettle-2.7.1-8.el7.i686.rpm
 nettle-2.7.1-8.el7.x86_64.rpm
 nettle-debuginfo-2.7.1-8.el7.i686.rpm
 nettle-debuginfo-2.7.1-8.el7.x86_64.rpm
 nettle-devel-2.7.1-8.el7.i686.rpm
 nettle-devel-2.7.1-8.el7.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here