Описание
ELSA-2016-2582: nettle security and bug fix update (MODERATE)
[2.7.1-8]
- Use a cache-silent version of mpz_powm to prevent cache-timing attacks against RSA and DSA in shared VMs. (#1364897,CVE-2016-6489)
[2.7.1-5]
- Fixed SHA-3 implementation to conform to final standard (#1252936)
- Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues in secp256r1 and secp384r1 calculations (#1314374)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
nettle
2.7.1-8.el7
nettle-devel
2.7.1-8.el7
Oracle Linux x86_64
nettle
2.7.1-8.el7
nettle-devel
2.7.1-8.el7
Связанные CVE
Связанные уязвимости
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.