Описание
Security update for libnettle
This update for libnettle fixes the following security issues:
- CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845)
- CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847)
- CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849)
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
Ссылки
- Link for SUSE-SU-2016:0455-1
- E-Mail link for SUSE-SU-2016:0455-1
- SUSE Security Ratings
- SUSE Bug 964845
- SUSE Bug 964847
- SUSE Bug 964849
- SUSE CVE CVE-2015-8803 page
- SUSE CVE CVE-2015-8804 page
- SUSE CVE CVE-2015-8805 page
Описание
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
Затронутые продукты
Ссылки
- CVE-2015-8803
- SUSE Bug 964845
Описание
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-8804
- SUSE Bug 964847
Описание
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
Затронутые продукты
Ссылки
- CVE-2015-8805
- SUSE Bug 964849