CVE-2016-6489

Опубликовано: 14 апр. 2017

Источник: debian

EPSS Низкий

Описание

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

Пакет	Статус	Версия исправления	Релиз	Тип
nettle	fixed	3.3-1		package
nettle	fixed	2.7.1-5+deb8u2	jessie	package

https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
Cf. https://www.openwall.com/lists/oss-security/2016/07/30/2
Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f

EPSS

Процентиль: 83%

0.02102

Низкий

CVE-2016-6489

CVSS3: 7.5

ubuntu

больше 8 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-6489

CVSS3: 7.4

redhat

около 9 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-6489

CVSS3: 7.5

nvd

больше 8 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

openSUSE-SU-2017:1533-1

suse-cvrf

около 8 лет назад

Security update for libnettle

SUSE-SU-2017:1481-1

suse-cvrf

больше 8 лет назад

Security update for libnettle

EPSS

Процентиль: 83%

0.02102

Низкий