Synopsis:          Moderate: nettle security and bug fix update
Advisory ID:       SLSA-2016:2582-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2015-8803
                   CVE-2015-8804
                   CVE-2015-8805
                   CVE-2016-6489
--

Security Fix(es):

* Multiple flaws were found in the way nettle implemented elliptic curve
scalar multiplication. These flaws could potentially introduce
cryptographic weaknesses into nettle's functionality. (CVE-2015-8803,
CVE-2015-8804, CVE-2015-8805)

* It was found that nettle's RSA and DSA decryption code was vulnerable to
cache-related side channel attacks. An attacker could use this flaw to
recover the private key from a co-located virtual-machine instance.
(CVE-2016-6489)

Additional Changes:
--

SL7
  x86_64
    nettle-2.7.1-8.el7.i686.rpm
    nettle-2.7.1-8.el7.x86_64.rpm
    nettle-debuginfo-2.7.1-8.el7.i686.rpm
    nettle-debuginfo-2.7.1-8.el7.x86_64.rpm
    nettle-devel-2.7.1-8.el7.i686.rpm
    nettle-devel-2.7.1-8.el7.x86_64.rpm

- Scientific Linux Development Team