Cryptographic Library
Nettle is a cryptographic library that is designed to fit easily in more or
less any context: In crypto toolkits for object-oriented languages (C++,
Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
- Sources inherited from project SUSE:SLE-15-SP4:GA
- Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Step:15-SP4/libnettle && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
baselibs.conf | 39 Bytes | |
libnettle-rpmlintrc | 103 Bytes | |
libnettle.changes | 21.5 KB (22035 bytes) | |
libnettle.keyring | 2.13 KB (2182 bytes) | |
libnettle.spec | 5.59 KB (5728 bytes) | |
nettle-3.7.3.tar.gz | 2.27 MB (2383985 bytes) | |
nettle-3.7.3.tar.gz.sig | 374 Bytes | |
Revision 2 (latest revision is 3)
Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 2)
- Update to 3.7.3 in SLE-15-SP4: [SLE-19765, jsc#SLE-18132]
- Add libnettle-rpmlintrc
- Remove patches upstream:
  * libnettle-CVE-2021-20305.patch
  * libnettle-CVE-2021-3580-rsa_decrypt.patch
  * libnettle-CVE-2021-3580-rsa_sec.patch
  * nettle-respect-cflags.patch
- GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060]
  * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector.
  * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector.
  * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n.
  * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data.
- GNU Nettle 3.7.2:
  * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (CVE-2021-20305, boo#1184401)
  * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger