logo
DATABASE RESOURCES PRICING ABOUT US

nettle: Information disclosure

Description

### Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. ### Description It was found that nettle’s RSA and DSA decryption code was vulnerable to cache-related side channel attacks. See the referenced technical paper “Cache Attacks Enable Bulk Key Recovery on the Cloud” below for details. ### Impact An attacker could recover the private key from a co-located virtual-machine instance. ### Workaround There is no known workaround at this time. ### Resolution All nettle users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.2-r1"


Affected Package


OS OS Version Package Name Package Version
Gentoo any dev-libs/nettle 3.2-r1

Related