CVEs have been assigned for some miscalculations during cryptographic operations that were fixed in nettle 3.2:
http://openwall.com/lists/oss-security/2016/02/03/1

I've updated nettle to 3.2 in Cauldron.

At least in Mageia 5, while we have nettle 3.0, nothing is actually using it. Note that the library major changes from 5->6 in 3.2 vs. 3.0, so if/when we do update it, we should note that any applications that might be using 3.0 would need to be recompiled.

We also have nettle2.7 packaged, which is what everything that uses it is linked against. I would guess that these bugs affect nettle2.7 as well. If so, it will need to be fixed in Cauldron as well as Mageia 5.

The upstream commits to fix these issues are linked in the message above.
URL: (none) => http://lwn.net/Vulnerabilities/674493/
Fedora has issued an advisory for this on February 4: https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html
nettle2.7 has been removed from Cauldron, as it is not used there.

Patched packages uploaded for Mageia 5.

Advisory:
========================

Updated nettle2.7 and nettle packages fix security vulnerabilities:

Two carry propagation bugs in elliptic curve scalar multiplications that affect the NIST P-256 curve. The bugs are in the C code and affect multiple architectures (CVE-2015-8803, CVE-2015-8805).

A carry propagation bug in elliptic curve scalar multiplications that affect the NIST P-384 curve. The bug is in the assembly code and only affects the x86_64 architecture (CVE-2015-8804).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8805
http://openwall.com/lists/oss-security/2016/02/03/1
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html
========================

Updated packages in core/updates_testing:
========================
nettle2.7-2.7.1-6.1.mga5
libnettle4-2.7.1-6.1.mga5
libhogweed2-2.7.1-6.1.mga5
libnettle2.7-devel-2.7.1-6.1.mga5
nettle-3.0-3.1.mga5
libnettle5-3.0-3.1.mga5
libhogweed3-3.0-3.1.mga5
libnettle-devel-3.0-3.1.mga5

from SRPMS:
nettle2.7-2.7.1-6.1.mga5.src.rpm
nettle-3.0-3.1.mga5.src.rpm
Assignee: bugsquad => qa-bugs
Summary: nettle new security issues CVE-2015-880[3-5] => nettle2.7 and nettle new security issues CVE-2015-880[3-5]
Source RPM: nettle-3.0-3.mga5.src.rpm => nettle2.7-2.7.1-6.mga5.src.rpm, nettle-3.0-3.mga5.src.rpm
mga5 x86_64 Mate

Installed:
nettle-3.0-3.mga5
lib64hogweed3-3.0-3.mga5
lib64nettle5-3.0-3.mga5

$ urpmq --whatrequires lib64hogweed3
lib64hogweed3
lib64nettle-devel
nettle

Extracted from http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nettle.html

nettle-hash
calculates a hash value using a specified algorithm.

nettle-lfib-stream
outputs a sequence of pseudorandom (non-cryptographic) bytes, using Knuth's lagged fibonacci generator. The stream is useful for testing, but should not be used to generate cryptographic keys or anything else that needs real randomness.

nettle-pbkdf2
password-based key derivation function that take as input a password or passphrase and typically strengthen it and protect against certain pre-computation attacks by using salting and expensive computation.

pkcs1-conv
converts private and public RSA keys from PKCS #1 format to sexp format.

sexp-conv
converts an s-expression to a different encoding.

$ locate nettle | grep bin
/usr/bin/nettle-hash
/usr/bin/nettle-lfib-stream
/usr/bin/nettle-pbkdf2
$ locate pkcs1 | grep bin
/usr/bin/pkcs1-conv
$ locate sexp-conv | grep bin
/usr/bin/sexp-conv

Ran a few tests before updating to see how the commands worked.

Testing nettle-hash using familiar algorithms:

[lcl@vega ~]$ nettle-hash -a md5 nettles
nettles: 61cd448d4a87840d 0a1ca521bf58abe0 md5
[lcl@vega ~]$ md5sum nettles
61cd448d4a87840d0a1ca521bf58abe0 nettles
[lcl@vega ~]$ nettle-hash -a sha1 nettles
nettles: fef2703dc089a852 fbc7d2b9bc31d64d 6ffd6ccd sha1
[lcl@vega ~]$ sha1sum nettles
fef2703dc089a852fbc7d2b9bc31d64d6ffd6ccd nettles

nettle-lfib-stream with or without a seed generated a continuous stream of binary data until interrupted.
File rumpelstiltskin contains string "Rapunzel"

[lcl@vega ~]$ nettle-pbkdf2 778013 < rumpelstiltskin
d0cf299c8c917f97 ecd0f741086a3d35
[lcl@vega ~]$ nettle-pbkdf2 778013 < rumpelstiltskin
d0cf299c8c917f97 ecd0f741086a3d35
[lcl@vega ~]$ nettle-pbkdf2 7783 < rumpelstiltskin
4e59a4a23b3e91d9 7d57147a80e07e9e

Could not make anything of the pkcs1-conv and sexp-conv commands - lack of knowledge of s-expressions.
CC: (none) => tarazed25
Packages under test:
nettle-3.0-3.1.mga5.x86_64
lib64hogweed3-3.0-3.1.mga5.x86_64
lib64nettle5-3.0-3.1.mga5.x86_64

[lcl@vega ~]$ nettle-hash -a md5 nettles
nettles: 61cd448d4a87840d 0a1ca521bf58abe0 md5
[lcl@vega ~]$ nettle-hash -a sha1 nettles
nettles: fef2703dc089a852 fbc7d2b9bc31d64d 6ffd6ccd sha1

These values match the pre-update values.

As before, nettle-lfib-stream with or without a seed generated a continuous stream of binary data until interrupted.

[lcl@vega ~]$ nettle-pbkdf2 778013 < rumpelstiltskin
d0cf299c8c917f97 ecd0f741086a3d35
[lcl@vega ~]$ nettle-pbkdf2 7783 < rumpelstiltskin
4e59a4a23b3e91d9 7d57147a80e07e9e

No obvious differences in behaviour between the updated packages and the originals with regard to the commands tested. Unless anyone objects to the missing s-expression tests I shall pass this.
Whiteboard: (none) => MGA5-64-OK
Good work Len
Whiteboard: MGA5-64-OK => has_procedure MGA5-64-OK
Tested this on mga5 in virtualbox i586 Mate.

Updated the nettle packages from Updates Testing and ran the same tests as on 64-bit real hardware using the same files and seeds where required. All numerical results were identical. Not sure if that is a good thing or a bad thing in the context of security but the underlying procedures work as expected. The Fibonacci pseudorandom generator produced a binary data stream as before.

Validating this, so could someone from sysadmin please push it to Mageia Updates?
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
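The commands exercised in the tests above cover hashing and key derivation, while the fixes named in the advisory are in P-256 and P-384 scalar multiplication. As an added example (not part of this bug report and not nettle code), here is a P-256 reference on Python big integers that can supply comparison values for a library's k*G results; all function names and the edge-case scalars are assumptions made for the illustration.

```python
# Added example: P-256 reference on Python big integers (no limbs, so no carries
# to propagate). Function names and EDGE_SCALARS are illustrative assumptions.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    if p1 is INF or p2 is INF:
        return p1 if p2 is INF else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF  # p2 == -p1
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt=G):
    """Double-and-add k*pt. Not constant time: for test vectors only."""
    acc, k = INF, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

# Constructed edge-case scalars: word boundaries, all-ones runs, values next to N.
EDGE_SCALARS = [1, 2, 2**32 - 1, 2**64, 2**128 - 1, 2**255 + 1, N - 2, N - 1]

def self_check():
    """Identities any correct k*G must satisfy: on curve, kG + (N-k)G = O, (k+1)G = kG + G."""
    for k in EDGE_SCALARS:
        q = mul(k)
        if not on_curve(q) or add(q, mul(N - k)) is not INF or mul(k + 1) != add(q, G):
            return False
    return True

def reference_vectors():
    """(k, x, y) hex triples to compare with a library's k*G output."""
    return [(format(k, "x"),) + tuple(format(c, "064x") for c in mul(k)) for k in EDGE_SCALARS]
```

Comparing the triples from reference_vectors() with what the library under test returns for the same scalars exercises the scalar multiplication path directly.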
Tested nettle-hash using nettle2.7 too.

nettle-pbkdf2 does not exist in nettle2.7.

$ urpmf nettle2.7 | grep bin
nettle2.7:/usr/bin/nettle-hash
nettle2.7:/usr/bin/nettle-lfib-stream
nettle2.7:/usr/bin/pkcs1-conv
nettle2.7:/usr/bin/sexp-conv

# urpmi nettle2.7
installing nettle2.7-2.7.1-6.mga5.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... #############
1/1: nettle2.7 #############

Noted the update also brings in the libs.

# urpmi nettle2.7
To satisfy dependencies, the following packages are going to be installed:
  Package          Version    Release     Arch
(medium "Core Updates Testing")
  lib64hogweed2    2.7.1      6.1.mga5    x86_64
  lib64nettle4     2.7.1      6.1.mga5    x86_64
  nettle2.7        2.7.1      6.1.mga5    x86_64
216B of disk space will be freed.
485KB of packages will be retrieved.
Proceed with the installation of the 3 packages? (Y/n) y
Advisory uploaded.
Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0061.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
@Claire comment #7. Thanks for taking on the 2.7 version. I had package conflicts when I looked at it and abandoned it.
That seems like a bug Len. Nettle & nettle2.7 contain the same binaries so should really conflict, but they currently don't. Bug 17726 created.