Package "libnettle6"
Name: |
libnettle6
|
Description: |
low level cryptographic library (symmetric and one-way cryptos)
|
Latest version: |
3.4.1-0ubuntu0.18.04.1 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Head package: |
nettle |
Homepage: |
http://www.lysator.liu.se/~nisse/nettle/ |
Links
Download "libnettle6"
Other versions of "libnettle6" in Bionic
Changelog
nettle (3.4.1-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Bleichenbacher type side-channel based padding oracle
attack in endian conversion of RSA decrypted PKCS#1 v1.5 data
- Updated to upstream 3.4.1 tarball.
- debian/*symbols: added new 3.4.1 symbols.
- CVE-2018-16869
* SECURITY UPDATE: crash in RSA decryption via manipulated ciphertext
- debian/patches/CVE-2021-3580-1.patch: change _rsa_sec_compute_root_tr
to take a fixed input size in rsa-decrypt-tr.c, rsa-internal.h,
rsa-sec-decrypt.c, rsa-sign-tr.c, testsuite/rsa-encrypt-test.c.
- debian/patches/CVE-2021-3580-2.patch: add input check to rsa_decrypt
family of functions in rsa-decrypt-tr.c, rsa-decrypt.c,
rsa-sec-decrypt.c, rsa.h, testsuite/rsa-encrypt-test.c.
- CVE-2021-3580
-- Marc Deslauriers <email address hidden> Mon, 14 Jun 2021 09:33:12 -0400
|
Source diff to previous version |
CVE-2018-16869 |
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 dat |
CVE-2021-3580 |
Remote crash in RSA decryption via manipulated ciphertext |
|
nettle (3.4-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Out of Bound memory access in signature verification
- debian/patches/CVE-2021-20305-1.patch: new functions
ecc_mod_mul_canonical and ecc_mod_sqr_canonical in
curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c,
ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
- debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for
point comparison in eddsa-verify.c.
- debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in
ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
- debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is
canonically reduced in ecc-ecdsa-sign.c.
- debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in
eddsa-hash.c.
- debian/libhogweed4.symbols: added new symbols.
- CVE-2021-20305
-- Marc Deslauriers <email address hidden> Wed, 07 Apr 2021 10:17:03 -0400
|
CVE-2021-20305 |
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the El |
|
About
-
Send Feedback to @ubuntu_updates