
Test ID: 1.3.6.1.4.1.25623.1.1.2.2016.1061
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)
Summary: The remote host is missing an update for the Huawei EulerOS 'nettle' package(s) announced via the EulerOS-SA-2016-1061 advisory.
Description:

Vulnerability Insight:
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. (CVE-2015-8803)

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. (CVE-2015-8804)

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. (CVE-2015-8805)

It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489)

Affected Software/OS:
'nettle' package(s) on Huawei EulerOS V2.0SP1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8803
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177473.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177229.html
https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
https://lists.gnu.org/archive/html/info-gnu/2016-01/msg00006.html
https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html
http://www.openwall.com/lists/oss-security/2016/02/02/2
http://www.openwall.com/lists/oss-security/2016/02/03/1
RedHat Security Advisories: RHSA-2016:2582
http://rhn.redhat.com/errata/RHSA-2016-2582.html
SuSE Security Announcement: openSUSE-SU-2016:0475
http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html
SuSE Security Announcement: openSUSE-SU-2016:0477
http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html
SuSE Security Announcement: openSUSE-SU-2016:0486
http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html
http://www.ubuntu.com/usn/USN-2897-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8804
https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8805
BugTraq ID: 84272
http://www.securityfocus.com/bid/84272
Common Vulnerability Exposure (CVE) ID: CVE-2016-6489
https://security.gentoo.org/glsa/201706-21
https://eprint.iacr.org/2016/596.pdf
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.openwall.com/lists/oss-security/2016/07/29/7
http://www.ubuntu.com/usn/USN-3193-1
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
