nettle-2.7.1-9.el7

エラータID: AXSA:2021-1651:01

Release date: 
Friday, April 9, 2021 - 00:48
Subject: 
nettle-2.7.1-9.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

Security Fix(es):

* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Solution: 

Update packages.

CVEs: 
CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
Additional Info: 

N/A

Download: 

SRPMS
  1. nettle-2.7.1-9.el7.src.rpm
    MD5: 27da81cb9100717431f11a8c169df1b2
    SHA-256: 3aa5542cbedf90181ca80ab8d230678c78434bb2e45d8d2a439adb884f24cb4d
    Size: 1.76 MB

Asianux Server 7 for x86_64
  1. nettle-2.7.1-9.el7.x86_64.rpm
    MD5: 1a4f6d540c1a1a5448ba760d0bd1caff
    SHA-256: 83d2b8505f540a6c57cadb42030378878a7e93bb51870308f984fa798b15d61f
    Size: 326.70 kB
  2. nettle-devel-2.7.1-9.el7.x86_64.rpm
    MD5: d0040a96f5d9cd9fc4f0cc7148f5ae47
    SHA-256: b63395a8689377b0eb95d9d2ab1bdc05698b5ca412e9317b3d2b1e4c39737ff7
    Size: 470.29 kB
  3. nettle-2.7.1-9.el7.i686.rpm
    MD5: ea3f85aebb9f8f65484116579302f12a
    SHA-256: d29428e41ce8c736e791355384039bb80c6b147317fa860bb555246641675993
    Size: 329.32 kB
  4. nettle-devel-2.7.1-9.el7.i686.rpm
    MD5: 80c390fe83fa47b3f470cde01c4df843
    SHA-256: 2936a3fc160517c6e6367fdd1cf0b9bbc99d45eed148e244bce587120b1aefae
    Size: 470.32 kB