Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2016-2582.NASL
HistoryNov 04, 2016 - 12:00 a.m.

RHEL 7 : nettle (RHSA-2016:2582)

2016-11-0400:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

An update for nettle is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.

Security Fix(es) :

  • Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle’s functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805)

  • It was found that nettle’s RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:2582. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94545);
  script_version("2.11");
  script_cvs_date("Date: 2019/10/24 15:35:42");

  script_cve_id("CVE-2015-8803", "CVE-2015-8804", "CVE-2015-8805", "CVE-2016-6489");
  script_xref(name:"RHSA", value:"2016:2582");

  script_name(english:"RHEL 7 : nettle (RHSA-2016:2582)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for nettle is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Nettle is a cryptographic library that is designed to fit easily in
almost any context: In cryptographic toolkits for object-oriented
languages, such as C++, Python, or Pike, in applications like lsh or
GnuPG, or even in kernel space.

Security Fix(es) :

* Multiple flaws were found in the way nettle implemented elliptic
curve scalar multiplication. These flaws could potentially introduce
cryptographic weaknesses into nettle's functionality. (CVE-2015-8803,
CVE-2015-8804, CVE-2015-8805)

* It was found that nettle's RSA and DSA decryption code was
vulnerable to cache-related side channel attacks. An attacker could
use this flaw to recover the private key from a co-located
virtual-machine instance. (CVE-2016-6489)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:2582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8805"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-6489"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected nettle, nettle-debuginfo and / or nettle-devel
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nettle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nettle-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nettle-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:2582";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", reference:"nettle-2.7.1-8.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"nettle-debuginfo-2.7.1-8.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"nettle-devel-2.7.1-8.el7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nettle / nettle-debuginfo / nettle-devel");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxnettlep-cpe:/a:redhat:enterprise_linux:nettle
redhatenterprise_linuxnettle-debuginfop-cpe:/a:redhat:enterprise_linux:nettle-debuginfo
redhatenterprise_linuxnettle-develp-cpe:/a:redhat:enterprise_linux:nettle-devel
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux7.3cpe:/o:redhat:enterprise_linux:7.3
redhatenterprise_linux7.4cpe:/o:redhat:enterprise_linux:7.4
redhatenterprise_linux7.5cpe:/o:redhat:enterprise_linux:7.5
redhatenterprise_linux7.6cpe:/o:redhat:enterprise_linux:7.6
redhatenterprise_linux7.7cpe:/o:redhat:enterprise_linux:7.7

Related

nessus 21
oraclelinux 1
openvas 10
redhat 1
centos 1
archlinux 2
fedora 7
ubuntu 2
mageia 2
prion 4
ubuntucve 4
cve 4
debiancve 4
osv 1
debian 1
gentoo 1
photon 2
redhatcve 1
ibm 1
cloudfoundry 1
oracle 1
nessus
nessus
Oracle Linux 7 : nettle (ELSA-2016-2582)
2016-11-11 00:00:00
CentOS 7 : nettle (CESA-2016:2582)
2016-11-28 00:00:00
Scientific Linux Security Update : nettle on SL7.x x86_64 (20161103)
2016-12-15 00:00:00
oraclelinux
oraclelinux
nettle security and bug fix update
2016-11-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)
2020-01-23 00:00:00
RedHat Update for nettle RHSA-2016:2582-02
2016-11-04 00:00:00
Fedora Update for nettle FEDORA-2016-8
2016-02-21 00:00:00
redhat
redhat
(RHSA-2016:2582) Moderate: nettle security and bug fix update
2016-11-03 06:07:15
centos
centos
nettle security update
2016-11-25 15:38:26
archlinux
archlinux
lib32-nettle: improper cryptographic calculations
2016-02-03 00:00:00
nettle: improper cryptographic calculations
2016-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: compat-nettle27-2.7.1-2.fc23
2016-06-02 15:03:54
[SECURITY] Fedora 22 Update: nettle-2.7.1-6.fc22
2016-02-21 02:30:44
[SECURITY] Fedora 23 Update: nettle-3.2-1.fc23
2016-02-04 23:23:47
ubuntu
ubuntu
Nettle vulnerabilities
2016-02-15 00:00:00
Nettle vulnerability
2017-02-06 00:00:00
mageia
mageia
Updated nettle packages fix security vulnerabilities
2016-02-09 22:05:34
Updated nettle/nettle2.7 packages fix security vulnerability
2016-08-31 18:32:33
prion
prion
Design/Logic Flaw
2016-02-23 19:59:00
Design/Logic Flaw
2016-02-23 19:59:00
Design/Logic Flaw
2016-02-23 19:59:00
ubuntucve
ubuntucve
CVE-2015-8805
2015-12-31 00:00:00
CVE-2015-8803
2015-12-31 00:00:00
CVE-2015-8804
2015-12-31 00:00:00
cve
cve
CVE-2015-8803
2016-02-23 19:59:00
CVE-2015-8805
2016-02-23 19:59:00
CVE-2015-8804
2016-02-23 19:59:00
debiancve
debiancve
CVE-2015-8803
2016-02-23 19:59:00
CVE-2015-8805
2016-02-23 19:59:00
CVE-2015-8804
2016-02-23 19:59:00
osv
osv
nettle - security update
2016-08-11 00:00:00
debian
debian
[SECURITY] [DLA 593-1] nettle security update
2016-08-11 18:59:02
gentoo
gentoo
nettle: Information disclosure
2017-06-22 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0119
2018-03-23 00:00:00
Important Photon OS Security Update - PHSA-2018-0119
2018-03-23 00:00:00
redhatcve
redhatcve
CVE-2016-6489
2016-08-01 08:18:21
ibm
ibm
Security Bulletin: A vulnerability in nettle affects PowerKVM
2018-06-18 01:34:46
cloudfoundry
cloudfoundry
USN-3193-1: Nettle vulnerability | Cloud Foundry
2017-03-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
JSON
Related for REDHAT-RHSA-2016-2582.NASL
nessus21oraclelinux1openvas10redhat1centos1archlinux2fedora7ubuntu2mageia2prion4ubuntucve4cve4debiancve4osv1debian1gentoo1photon2redhatcve1ibm1cloudfoundry1oracle1