Security: Denial of Service in Nettle
Name: Denial of Service in Nettle
ID: 202105-31
Distribution: Gentoo
Platforms: Not specified
Date: Wed, 26 May 2021, 23:05
References: https://nvd.nist.gov/vuln/detail/CVE-2021-20305
Applications: Nettle

Original message
From: Thomas Deutschmann <whissi@gentoo.org>
Reply-To: security@gentoo.org
To: gentoo-announce@lists.gentoo.org
Message-ID: <0d427025-7c41-11b8-3b2a-71c223e1c702@gentoo.org>
Subject: [ GLSA 202105-31 ] Nettle: Denial of service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202105-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: Nettle: Denial of service
     Date: May 26, 2021
     Bugs: #780483
       ID: 202105-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Nettle could lead to a Denial of Service condition.

Background
==========

Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/nettle              < 3.7.2                    >= 3.7.2

Description
===========

It was discovered that Nettle incorrectly handled signature verification.

Impact
======

A remote attacker could send a specially crafted valid-looking input signature, possibly resulting in a Denial of Service condition or forcing an invalid signature.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Nettle users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.7.2"
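
The following is an added example, not part of the Gentoo advisory: a shell check that classifies dev-libs/nettle atoms against the advisory's ">= 3.7.2" bound, including ebuild revisions and pre-release suffixes. The function names and sample atoms are constructed for illustration, and the input format (one category/package-version atom per line, as `qlist -Iv dev-libs/nettle` from portage-utils is assumed to print) is an assumption.

```shell
# Added example: classify dev-libs/nettle atoms against GLSA 202105-31.
FIXED="3.7.2"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# nettle_status ATOM: print vulnerable, unaffected or unknown.
nettle_status() {
    v=${1#dev-libs/nettle-}
    [ "$v" != "$1" ] || { echo unknown; return 0; }
    v=${v%-r[0-9]*}                      # drop the ebuild revision (-r1)
    # Pre-releases of a version sort before that version's release.
    case $v in *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;; *) pre=0 ;; esac
    v=${v%%_*}
    case $v in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable
    elif [ "$pre" -eq 1 ] && ! ver_lt "$FIXED" "$v"; then echo vulnerable
    else echo unaffected
    fi
}

# audit: read one atom per line on stdin; return non-zero if any needs attention.
audit() {
    rc=0
    while read -r atom; do
        [ -n "$atom" ] || continue
        s=$(nettle_status "$atom")
        printf '%s\t%s\n' "$atom" "$s"
        [ "$s" = unaffected ] || rc=1
    done
    return "$rc"
}

# Constructed sample input; on a live host pipe in: qlist -Iv dev-libs/nettle
audit <<'EOF' || echo "upgrade to >=dev-libs/nettle-$FIXED required"
dev-libs/nettle-3.6-r2
dev-libs/nettle-3.7.2_rc1
dev-libs/nettle-3.10
EOF
```

The comparison is numeric per component, so 3.10 is correctly treated as newer than 3.7.2, which a plain string comparison would get wrong.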

References
==========

[ 1 ] CVE-2021-20305
      https://nvd.nist.gov/vuln/detail/CVE-2021-20305

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-31

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5