ALT Linux Team

Package nettle update in c8 on 2019-01-11

ALT-PU-2019-1029-1

Package nettle updated to version 3.4.1-alt1 for branch c8 in task 218720.

Closed vulnerabilities

Published: 2018-11-30

BDU:2019-00777

Уязвимость криптографической библиотеки Nettle, связана с ошибкой обратного преобразования дешифрованных данных RSA, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (4.7) Vector: AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-12-03
Modified: 2024-11-21

CVE-2018-16869

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top