nettle-2.7.1-9.0.1.el7.AXS7
エラータID: AXSA:2025-10914:02
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
Security Fix:
- Port side-channel silent functions from 3.4.1. Partially fix for CVE-2018-16869
- CVE-2018-16869: Add side-channel silent memory, math, PKCS1, RSA functions
- Added tests for side-channel silent implementations
CVE(s):
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Update packages.
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
N/A
Asianux Server 7 for x86_64
- nettle-2.7.1-9.0.1.el7.AXS7.i686.rpm
MD5: 75f147a4b6ac04eca195c54697d9f2d7
SHA-256: db71badae6fefd0df8ba9d8b325b45c5c3f4ce51f0e5a11c35442a77bf211ad6
Size: 332.72 kB - nettle-2.7.1-9.0.1.el7.AXS7.x86_64.rpm
MD5: ad776592dd3e17cc76d6a9a0e0ab4a92
SHA-256: 7e14ee7a778a9924b7ac1869d28a303e9866e7a54117c037b9f3471ad00c8e88
Size: 329.61 kB - nettle-devel-2.7.1-9.0.1.el7.AXS7.i686.rpm
MD5: 3c6701938d09a9131ae5d8b0707a5a9f
SHA-256: b76f0a6c8fb0b4de6e7bc0374984f2f01cfc37d3ec431fbbb3cbca1789dc0b24
Size: 471.33 kB - nettle-devel-2.7.1-9.0.1.el7.AXS7.x86_64.rpm
MD5: 9ffe58e079eb45d96a2a860430a52902
SHA-256: 8a55ca0e383bbe75d9afb815cae6e2d0f9beaee93bfe5a0d408cdabf503314a2
Size: 471.30 kB
日本語