Описание
Security update for libnettle
This update for libnettle fixes the following security issues:
- CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845)
- CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847)
- CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0475-1
- SUSE Security Ratings
Описание
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
Затронутые продукты
Ссылки
- CVE-2015-8803
- SUSE Bug 964845
Описание
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-8804
- SUSE Bug 964847
Описание
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
Затронутые продукты
Ссылки
- CVE-2015-8805
- SUSE Bug 964849