Univention Bugzilla – Bug 53479
nettle: Multiple issues (5.0)
Last modified: 2021-06-23 15:55:55 CEST
New Debian nettle 3.4.1-1+deb10u1 fixes:

This update addresses the following issues:
* Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)
* Out of bounds memory access in signature verification (CVE-2021-20305)
--- mirror/ftp/pool/main/n/nettle/nettle_3.4.1-1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/nettle_3.4.1-1+deb10u1.dsc @@ -1,3 +1,12 @@ +3.4.1-1+deb10u1 [Fri, 11 Jun 2021 19:53:20 +0200] Magnus Holmgren <holmgren@debian.org>: + + * Fix for CVE-2021-3580 - potential crash on invalid input to the RSA + decryption functions (Closes: #989631). + * Fix for CVE-2021-20305 - bug in ECDSA signature verification that + could lead to a denial of service attack (via an assertion failure) or + possibly incorrect results, backported from 3.7.2 by Marc Deslauriers + <marc.deslauriers@ubuntu.com> (Closes: #985652). + 3.4.1-1 [Sat, 26 Jan 2019 13:19:09 +0100] Magnus Holmgren <holmgren@debian.org>: * Final upstream release (identical to RC1). <http://piuparts.knut.univention.de/5.0-0/#8447036360434902653>
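Review bot: in the new 3.4.1-1+deb10u1 changelog stanza, the CVE-2021-3580 entry does not name the upstream release or commit the RSA decryption fix was taken from, whereas the CVE-2021-20305 entry records "backported from 3.7.2" and the backporter. Stating the origin of the CVE-2021-3580 fix in the same way would make both fixes equally traceable to upstream when this erratum is audited later.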
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x18>