Synopsis: Moderate: nettle security and bug fix update
Advisory ID: SLSA-2016:2582-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2015-8803
CVE-2015-8804
CVE-2015-8805
CVE-2016-6489
—
Security Fix(es):
* Multiple flaws were found in the way nettle implemented elliptic curve
scalar multiplication. These flaws could potentially introduce
cryptographic weaknesses into nettle’s functionality. (CVE-2015-8803,
CVE-2015-8804, CVE-2015-8805)
* It was found that nettle’s RSA and DSA decryption code was vulnerable to
cache-related side channel attacks. An attacker could use this flaw to
recover the private key from a co-located virtual-machine instance.
(CVE-2016-6489)
Additional Changes:
—
SL7
x86_64
nettle-2.7.1-8.el7.i686.rpm
nettle-2.7.1-8.el7.x86_64.rpm
nettle-debuginfo-2.7.1-8.el7.i686.rpm
nettle-debuginfo-2.7.1-8.el7.x86_64.rpm
nettle-devel-2.7.1-8.el7.i686.rpm
nettle-devel-2.7.1-8.el7.x86_64.rpm
– Scientific Linux Development Team
