Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 20.10: 4906-1 Moderate: Nettle Denial of Service Issue

ubuntu
Calendar Grey April 13, 2021
Dist Ubuntu Esm H88
Varied editions of Ubuntu may face potential signature verification failures or crashes due to Nettle; patches are out.
Nettle could be made to crash or bypass signature verification if it opened a specially crafted certificate.

Summary

Nettle could be made to crash or bypass signature verification if it

opened a specially crafted certificate.

Software Description:

- nettle: low level cryptographic library

Details:

It was discovered that Nettle incorrectly handled signature verification.

A remote attacker could use this issue to cause Nettle to crash, resulting

in a denial of service, or possibly force invalid signatures.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libnettle8                      3.6-2ubuntu0.1

Ubuntu 20.04 LTS:
  libnettle7                      3.5.1+really3.5.1-2ubuntu0.1

Ubuntu 18.04 LTS:
  libnettle6                      3.4-1ubuntu0.1

Ubuntu 16.04 LTS:
  libnettle6                      3.2-1ubuntu0.16.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4906-1

CVE-2021-20305

Severity
important
Lowest
Low
Medium
High
Critical

April 13, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here