Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:1206

Опубликовано: 14 апр. 2021
Источник: rocky
Оценка: Important

Описание

Important: gnutls and nettle security update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

Security Fix(es):

  • nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
gnutlsx86_648.el8_3gnutls-3.6.14-8.el8_3.x86_64.rpm
gnutlsi6868.el8_3gnutls-3.6.14-8.el8_3.i686.rpm
nettlei6864.el8_4nettle-3.4.1-4.el8_4.i686.rpm
nettlex86_644.el8_4nettle-3.4.1-4.el8_4.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-20305

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-20305

CVSS3: 8.1
ubuntu
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

redhat логотип

CVE-2021-20305

CVSS3: 8.1
redhat
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

nvd логотип

CVE-2021-20305

CVSS3: 8.1
nvd
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

msrc логотип

CVE-2021-20305

CVSS3: 8.1
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2021-20305

CVSS3: 8.1
debian
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Net ...