SCIENTIFIC-LINUX-ERRATA Archives

December 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: nettle on SL7.x x86_64
From:
Scott Reid <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 14 Dec 2016 18:08:46 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
Synopsis:          Moderate: nettle security and bug fix update
Advisory ID:       SLSA-2016:2582-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2015-8803
                   CVE-2015-8804
                   CVE-2015-8805
                   CVE-2016-6489
--

Security Fix(es):

* Multiple flaws were found in the way nettle implemented elliptic curve
scalar multiplication. These flaws could potentially introduce
cryptographic weaknesses into nettle's functionality. (CVE-2015-8803,
CVE-2015-8804, CVE-2015-8805)

* It was found that nettle's RSA and DSA decryption code was vulnerable to
cache-related side channel attacks. An attacker could use this flaw to
recover the private key from a co-located virtual-machine instance.
(CVE-2016-6489)

Additional Changes:
--

SL7
  x86_64
    nettle-2.7.1-8.el7.i686.rpm
    nettle-2.7.1-8.el7.x86_64.rpm
    nettle-debuginfo-2.7.1-8.el7.i686.rpm
    nettle-debuginfo-2.7.1-8.el7.x86_64.rpm
    nettle-devel-2.7.1-8.el7.i686.rpm
    nettle-devel-2.7.1-8.el7.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2