logo
DATABASE RESOURCES PRICING ABOUT US

EulerOS 2.0 SP1 : nettle (EulerOS-SA-2016-1061)

Description

According to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. - Secure Fix(es): - The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.(CVE-2015-8803) - x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.(CVE-2015-8804) - The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.(CVE-2015-8805) - It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.(CVE-2016-6489) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Related