UbuntuUpdates.org

Package "nettle"

Name: nettle

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • low level cryptographic library (binary tools)
Latest version: 2.7.1-1ubuntu0.2
Release: trusty (14.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "nettle" in Trusty

Repository Area Version
base main 2.7.1-1
security main 2.7.1-1ubuntu0.2
updates main 2.7.1-1ubuntu0.2
updates universe 2.7.1-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.7.1-1ubuntu0.2 2017-02-06 20:06:51 UTC

  nettle (2.7.1-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: RSA cache timing side-channel attack
    - debian/patches/CVE-2016-6489.patch: use mpz_powm_sec and check for
      invalid keys in dsa-sign.c, rsa-blind.c, rsa-pkcs1-sign-tr.c,
      rsa-pkcs1-sign.c, rsa-sign.c, rsa.c, testsuite/rsa-test.c,
      rsa-decrypt-tr.c, rsa-decrypt.c.
    - CVE-2016-6489

 -- Marc Deslauriers <email address hidden> Fri, 03 Feb 2017 08:40:39 -0500
Source diff to previous version
CVE-2016-6489 RSA code is vulnerable to cache sharing related attacks

Version: 2.7.1-1ubuntu0.1 2016-02-15 20:07:32 UTC

  nettle (2.7.1-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: miscomputation bugs in secp-256r1 modulo functions
    - debian/patches/CVE-2015-8803_8805.patch: fix carry propagation bugs
      in ecc-256.c.
    - CVE-2015-8803
    - CVE-2015-8805
  * SECURITY UPDATE: carry folding bug in x86_64 ecc_384_modp
    - debian/patches/CVE-2015-8804.patch: fix carry propagation bug in
      x86_64/ecc-384-modp.asm.
    - CVE-2015-8804

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2016 13:34:57 -0500
CVE-2015-8803 secp256 calculation bug
CVE-2015-8805 miscomputation bugs in secp-256r1 modulo functions
CVE-2015-8804 Miscalculations on secp384 curve


About   -   Send Feedback to @ubuntu_updates