Test ID:	1.3.6.1.4.1.25623.1.0.871683
Category:	Red Hat Local Security Checks
Title:	RedHat Update for nettle RHSA-2016:2582-02
Summary:	The remote host is missing an update for the 'nettle'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'nettle' package(s) announced via the referenced advisory. Vulnerability Insight: Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es): * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: nettle on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8803 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177473.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177229.html https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html https://lists.gnu.org/archive/html/info-gnu/2016-01/msg00006.html https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 RedHat Security Advisories: RHSA-2016:2582 http://rhn.redhat.com/errata/RHSA-2016-2582.html SuSE Security Announcement: openSUSE-SU-2016:0475 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html SuSE Security Announcement: openSUSE-SU-2016:0477 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html SuSE Security Announcement: openSUSE-SU-2016:0486 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://www.ubuntu.com/usn/USN-2897-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8804 https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8805 BugTraq ID: 84272 http://www.securityfocus.com/bid/84272 Common Vulnerability Exposure (CVE) ID: CVE-2016-6489 https://security.gentoo.org/glsa/201706-21 https://eprint.iacr.org/2016/596.pdf https://www.oracle.com/security-alerts/cpuapr2020.html http://www.openwall.com/lists/oss-security/2016/07/29/7 http://www.ubuntu.com/usn/USN-3193-1
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.