Updated nettle packages fix security vulnerabilities
Publication date: 09 Feb 2016Modification date: 09 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8803 , CVE-2015-8804 , CVE-2015-8805
Description
Updated nettle2.7 and nettle packages fix security vulnerabilities:
Two carry propagation bugs in elliptic curve scalar multiplications that
affect the NIST P-256 curve. The bugs are in the C code and affect multiple
architectures (CVE-2015-8803, CVE-2015-8805).
A carry propagation bug in elliptic curve scalar multiplications that
affect the NIST P-384 curve. The bug is in the assembly code and only affects
the x86_64 architecture (CVE-2015-8804).
References
- https://bugs.mageia.org/show_bug.cgi?id=17669
- http://openwall.com/lists/oss-security/2016/02/03/1
- https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8803
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8804
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8805
SRPMS
5/core
- nettle2.7-2.7.1-6.1.mga5
- nettle-3.0-3.1.mga5