26 matches found
MiracleLinux 7 : nettle-2.7.1-8.el7 (AXSA:2016-1108:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1108:01 advisory. Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages C ,...
SUSE: Security Advisory (SUSE-SU-2016:0455-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP1 : nettle (EulerOS-SA-2016-1061)
According to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languagesC+...
Scientific Linux Security Update : nettle on SL7.x x86_64 (20161103)
Security Fixes : - Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 - It was found that nettle's RSA and DSA...
Oracle Linux 7 : nettle (ELSA-2016-2582)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2582 advisory. - Use a cache-silent version of mpzpowm to prevent cache-timing attacks against RSA and DSA in shared VMs. 1364897,CVE-2016-6489 Tenable has extracted...
nettle security and bug fix update
2.7.1-8 - Use a cache-silent version of mpzpowm to prevent cache-timing attacks against RSA and DSA in shared VMs. 1364897,CVE-2016-6489 2.7.1-5 - Fixed SHA-3 implementation to conform to final standard 1252936 - Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues in secp256r1 and...
RHEL 7 : nettle (RHSA-2016:2582)
An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Fedora 23 : compat-nettle27 (2016-d94300845b)
Fixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 secp256r1 and secp384r1 bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 22 : nettle-2.7.1-6.fc22 (2016-8ee88aee21)
Fixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 secp256r1 and secp384r1 bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 23 : nettle-3.2-1.fc23 (2016-89968f88d2)
updated to 3.2 1301310 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
CVE-2015-8803
The ecc256modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
CVE-2015-8803
CVE-2015-8803 affects the nettle library: the ecc_256_modp implementation for P-256 may propagate carries incorrectly in nettle before version 3.2, producing incorrect output and potentially allowing unspecified impact. Multiple Nessus reports and advisories (MiracleLinux AXSA-2016-1108, EulerOS ...
CVE-2015-8803
The ecc256modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
openSUSE Security Update : libnettle (openSUSE-2016-217)
This update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug boo964845 - CVE-2015-8804: Miscalculations on secp384 curve boo964847 - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. boo964849 %NASLMINLEVEL 70300 C Tenable Network Security...
openSUSE Security Update : libnettle (openSUSE-2016-211)
This update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug boo964845 - CVE-2015-8804: Miscalculations on secp384 curve boo964847 - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. boo964849 %NASLMINLEVEL 70300 C Tenable Network Security...
SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2016:0455-1)
This update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. bsc964845 - CVE-2015-8804: Fixed carry folding bug in x8664 ecc384modp. bsc964847 - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions...
openSUSE Security Update : libnettle (openSUSE-2016-212)
This update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. bsc964845 - CVE-2015-8804: Fixed carry folding bug in x8664 ecc384modp. bsc964847 - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions...
Ubuntu: Security Advisory (USN-2897-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Nettle vulnerabilities (USN-2897-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2897-1 advisory. Hanno Bck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. CVE-2015-8803 Hanno Bck discovered that Nettle...