Vulnerabilities > CVE-2015-8804 - Cryptographic Issues vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nettle-project
canonical
opensuse
CWE-310
nessus

Summary

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2897-1.NASL
    descriptionHanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803) Hanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804) Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88748
    published2016-02-16
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88748
    titleUbuntu 14.04 LTS / 15.10 : nettle vulnerabilities (USN-2897-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2897-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88748);
      script_version("2.11");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-8803", "CVE-2015-8804", "CVE-2015-8805");
      script_xref(name:"USN", value:"2897-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 15.10 : nettle vulnerabilities (USN-2897-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Hanno Bock discovered that Nettle incorrectly handled carry
    propagation in the NIST P-256 elliptic curve. (CVE-2015-8803)
    
    Hanno Bock discovered that Nettle incorrectly handled carry
    propagation in the NIST P-384 elliptic curve. (CVE-2015-8804)
    
    Niels Moeller discovered that Nettle incorrectly handled carry
    propagation in the NIST P-256 elliptic curve. (CVE-2015-8805).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2897-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libnettle4 and / or libnettle6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnettle4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnettle6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libnettle4", pkgver:"2.7.1-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libnettle6", pkgver:"3.1.1-4ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnettle4 / libnettle6");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0455-1.NASL
    descriptionThis update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88802
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88802
    titleSUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2016:0455-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:0455-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88802);
      script_version("2.12");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2015-8803", "CVE-2015-8804", "CVE-2015-8805");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2016:0455-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libnettle fixes the following security issues :
    
      - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1
        modulo functions. (bsc#964845)
    
      - CVE-2015-8804: Fixed carry folding bug in x86_64
        ecc_384_modp. (bsc#964847)
    
      - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1
        modulo functions. (bsc#964849)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8803/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8804/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8805/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20160455-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad471249"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-259=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2016-259=1
    
    SUSE Linux Enterprise Server 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-259=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2016-259=1
    
    SUSE Linux Enterprise Desktop 12-SP1 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-259=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-259=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libhogweed2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libhogweed2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnettle-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnettle4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnettle4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libhogweed2-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libhogweed2-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libnettle-debugsource-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libnettle4-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libnettle4-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libhogweed2-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libhogweed2-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libnettle4-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libnettle4-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libhogweed2-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libhogweed2-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libnettle-debugsource-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libnettle4-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libnettle4-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libhogweed2-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libhogweed2-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libnettle4-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libnettle4-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libhogweed2-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libhogweed2-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libhogweed2-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libhogweed2-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libnettle-debugsource-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libnettle4-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libnettle4-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libnettle4-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libnettle4-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libhogweed2-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libhogweed2-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libhogweed2-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libhogweed2-debuginfo-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libnettle-debugsource-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libnettle4-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libnettle4-32bit-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libnettle4-debuginfo-2.7.1-9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libnettle4-debuginfo-32bit-2.7.1-9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnettle");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1061.NASL
    descriptionAccording to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. - Secure Fix(es): - The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.(CVE-2015-8803) - x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.(CVE-2015-8804) - The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.(CVE-2015-8805) - It was found that nettle
    last seen2020-05-06
    modified2017-05-01
    plugin id99823
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99823
    titleEulerOS 2.0 SP1 : nettle (EulerOS-SA-2016-1061)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-217.NASL
    descriptionThis update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug (boo#964845) - CVE-2015-8804: Miscalculations on secp384 curve (boo#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849)
    last seen2020-06-05
    modified2016-02-18
    plugin id88823
    published2016-02-18
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88823
    titleopenSUSE Security Update : libnettle (openSUSE-2016-217)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-212.NASL
    descriptionThis update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-02-17
    plugin id88772
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88772
    titleopenSUSE Security Update : libnettle (openSUSE-2016-212)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-211.NASL
    descriptionThis update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug (boo#964845) - CVE-2015-8804: Miscalculations on secp384 curve (boo#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849)
    last seen2020-06-05
    modified2016-02-17
    plugin id88771
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88771
    titleopenSUSE Security Update : libnettle (openSUSE-2016-211)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2582.NASL
    descriptionFrom Red Hat Security Advisory 2016:2582 : An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle
    last seen2020-06-01
    modified2020-06-02
    plugin id94704
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94704
    titleOracle Linux 7 : nettle (ELSA-2016-2582)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-D94300845B.NASL
    descriptionFixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 (secp256r1 and secp384r1 bugs) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92179
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92179
    titleFedora 23 : compat-nettle27 (2016-d94300845b)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2582.NASL
    descriptionAn update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle
    last seen2020-06-01
    modified2020-06-02
    plugin id95329
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95329
    titleCentOS 7 : nettle (CESA-2016:2582)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_NETTLE_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle
    last seen2020-03-18
    modified2016-12-15
    plugin id95849
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95849
    titleScientific Linux Security Update : nettle on SL7.x x86_64 (20161103)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-8EE88AEE21.NASL
    descriptionFixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 (secp256r1 and secp384r1 bugs) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89579
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89579
    titleFedora 22 : nettle-2.7.1-6.fc22 (2016-8ee88aee21)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2582.NASL
    descriptionAn update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle
    last seen2020-06-01
    modified2020-06-02
    plugin id94545
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94545
    titleRHEL 7 : nettle (RHSA-2016:2582)

Redhat

advisories
rhsa
idRHSA-2016:2582
rpms
  • nettle-0:2.7.1-8.el7
  • nettle-debuginfo-0:2.7.1-8.el7
  • nettle-devel-0:2.7.1-8.el7