Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 21.04 USN-4990-1 Moderate: Nettle Denial Of Service

ubuntu
Calendar Grey June 17, 2021
Dist Ubuntu Esm H88
Nettle patches for several Ubuntu distributions resolve critical vulnerabilities, such as potential remote denial of service threats.
Several security issues were fixed in Nettle.

Summary

Several security issues were fixed in Nettle.

Software Description:

- nettle: low level cryptographic library

Details:

It was discovered that Nettle incorrectly handled RSA decryption. A remote

attacker could possibly use this issue to cause Nettle to crash, resulting

in a denial of service. (CVE-2021-3580)

It was discovered that Nettle incorrectly handled certain padding oracles.

A remote attacker could possibly use this issue to perform a variant of the

Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS.

(CVE-2018-16869)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libnettle8                      3.7-2.1ubuntu1.1

Ubuntu 20.10:
  libnettle8                      3.6-2ubuntu0.2

Ubuntu 20.04 LTS:
  libnettle7                      3.5.1+really3.5.1-2ubuntu0.2

Ubuntu 18.04 LTS:
  libnettle6                      3.4.1-0ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4990-1

CVE-2018-16869, CVE-2021-3580

Severity
important
Lowest
Low
Medium
High
Critical

June 17, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here