7.5 - USN-2897-1

Executive Summary

Summary
Title	Nettle vulnerabilities

Informations
Name	USN-2897-1	First vendor Publication	2016-02-15
Vendor	Ubuntu	Last vendor Modification	2016-02-15
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Nettle.

Software Description: - nettle: low level cryptographic library (public-key cryptos)

Details:

Hanno BÃ¶ck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803)

Hanno BÃ¶ck discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804)

Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
libnettle6 3.1.1-4ubuntu0.1

Ubuntu 14.04 LTS:
libnettle4 2.7.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2897-1
CVE-2015-8803, CVE-2015-8804, CVE-2015-8805

Package Information:
https://launchpad.net/ubuntu/+source/nettle/3.1.1-4ubuntu0.1
https://launchpad.net/ubuntu/+source/nettle/2.7.1-1ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2897-1

CWE : Common Weakness Enumeration

%	Id	Name
60 %	CWE-310	Cryptographic Issues
40 %	CWE-254	Security Features

CPE : Common Platform Enumeration

Type	Description	Count
Application	Nettle Project Nettle cpe:2.3:a:nettle_project:nettle::::::::	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::	2
Os	Opensuse Leap cpe:2.3:o:opensuse:leap:42.1:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::* cpe:2.3:o:opensuse:opensuse:13.1:::::::*	2

Nessus® Vulnerability Scanner

Date	Description
2017-05-01	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1061.nasl - Type : ACT_GATHER_INFO
2016-12-15	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20161103_nettle_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-11-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-2582.nasl - Type : ACT_GATHER_INFO
2016-11-11	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-2582.nasl - Type : ACT_GATHER_INFO
2016-11-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-2582.nasl - Type : ACT_GATHER_INFO
2016-07-14	Name : The remote Fedora host is missing a security update. File : fedora_2016-d94300845b.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-89968f88d2.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-8ee88aee21.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing one or more security updates. File : fedora_2016-aa00f0631d.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-217.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-211.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-212.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0455-1.nasl - Type : ACT_GATHER_INFO
2016-02-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2897-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-03-11 00:29:12	Multiple Updates
2016-03-10 05:28:32	Multiple Updates
2016-03-09 21:29:25	Multiple Updates
2016-03-04 21:29:39	Multiple Updates
2016-02-24 00:28:02	Multiple Updates
2016-02-17 13:26:47	Multiple Updates
2016-02-15 21:29:03	Multiple Updates
2016-02-15 21:24:16	First insertion

Global Informations

Type	Count
CWE ID(s)	5
CPE ID(s)	6
Nessus® Exploit(s)	14

	Related
9.8	CVE-2015-8805
9.8	CVE-2015-8804
9.8	CVE-2015-8803
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.5 - USN-2897-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU