[SECURITY] [DSA 4933-1] nettle security update

2021-06-1818:58:09

lists.debian.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Debian Security Advisory DSA-4933-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2021 https://www.debian.org/security/faq

Package : nettle
CVE ID : CVE-2021-3580 CVE-2021-20305
Debian Bug : 985652 989631

Multiple vulnerabilities were discovered in nettle, a low level
cryptographic library, which could result in denial of service (remote
crash in RSA decryption via specially crafted ciphertext, crash on ECDSA
signature verification) or incorrect verification of ECDSA signatures.

For the stable distribution (buster), these problems have been fixed in
version 3.4.1-1+deb10u1.

We recommend that you upgrade your nettle packages.

For the detailed security status of nettle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nettle

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10amd64nettle-dev< 3.4.1-1+deb10u1nettle-dev_3.4.1-1+deb10u1_amd64.deb
Debian10mips64elnettle-bin-dbgsym< 3.4.1-1+deb10u1nettle-bin-dbgsym_3.4.1-1+deb10u1_mips64el.deb
Debian10armhfnettle-dev< 3.4.1-1+deb10u1nettle-dev_3.4.1-1+deb10u1_armhf.deb
Debian10s390xnettle-dev< 3.4.1-1+deb10u1nettle-dev_3.4.1-1+deb10u1_s390x.deb
Debian10amd64nettle-bin-dbgsym< 3.4.1-1+deb10u1nettle-bin-dbgsym_3.4.1-1+deb10u1_amd64.deb
Debian9armellibhogweed4< 3.3-1+deb9u1libhogweed4_3.3-1+deb9u1_armel.deb
Debian10mipsellibhogweed4-dbgsym< 3.4.1-1+deb10u1libhogweed4-dbgsym_3.4.1-1+deb10u1_mipsel.deb
Debian9allnettle< 3.3-1+deb9u1nettle_3.3-1+deb9u1_all.deb
Debian9armelnettle-bin< 3.3-1+deb9u1nettle-bin_3.3-1+deb9u1_armel.deb
Debian9i386libhogweed4< 3.3-1+deb9u1libhogweed4_3.3-1+deb9u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	nettle-dev	< 3.4.1-1+deb10u1	nettle-dev_3.4.1-1+deb10u1_amd64.deb
Debian	10	mips64el	nettle-bin-dbgsym	< 3.4.1-1+deb10u1	nettle-bin-dbgsym_3.4.1-1+deb10u1_mips64el.deb
Debian	10	armhf	nettle-dev	< 3.4.1-1+deb10u1	nettle-dev_3.4.1-1+deb10u1_armhf.deb
Debian	10	s390x	nettle-dev	< 3.4.1-1+deb10u1	nettle-dev_3.4.1-1+deb10u1_s390x.deb
Debian	10	amd64	nettle-bin-dbgsym	< 3.4.1-1+deb10u1	nettle-bin-dbgsym_3.4.1-1+deb10u1_amd64.deb
Debian	9	armel	libhogweed4	< 3.3-1+deb9u1	libhogweed4_3.3-1+deb9u1_armel.deb
Debian	10	mipsel	libhogweed4-dbgsym	< 3.4.1-1+deb10u1	libhogweed4-dbgsym_3.4.1-1+deb10u1_mipsel.deb
Debian	9	all	nettle	< 3.3-1+deb9u1	nettle_3.3-1+deb9u1_all.deb
Debian	9	armel	nettle-bin	< 3.3-1+deb9u1	nettle-bin_3.3-1+deb9u1_armel.deb
Debian	9	i386	libhogweed4	< 3.3-1+deb9u1	libhogweed4_3.3-1+deb9u1_i386.deb