ELSA-2021-1206

Опубликовано: 16 апр. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-1206: gnutls and nettle security update (IMPORTANT)

gnutls [3.6.14-8]

Port fixes for potential miscalculation in ecdsa_verify (#1942929)

nettle [3.4.1-4]

Fix patch application

[3.4.1-3]

Port fixes for potential miscalculation in ecdsa_verify (#1942924)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

gnutls

3.6.14-8.el8_3

gnutls-c++

3.6.14-8.el8_3

gnutls-dane

3.6.14-8.el8_3

gnutls-devel

3.6.14-8.el8_3

gnutls-utils

3.6.14-8.el8_3

nettle

3.4.1-4.el8_3

nettle-devel

3.4.1-4.el8_3

Oracle Linux x86_64

gnutls

3.6.14-8.el8_3

gnutls-c++

3.6.14-8.el8_3

gnutls-dane

3.6.14-8.el8_3

gnutls-devel

3.6.14-8.el8_3

gnutls-utils

3.6.14-8.el8_3

nettle

3.4.1-4.el8_3

nettle-devel

3.4.1-4.el8_3

Связанные CVE

CVE-2021-20305

Ссылки на источники

Связанные уязвимости

CVE-2021-20305

CVSS3: 8.1

ubuntu

почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.