Main Vulnerability Database SB2016020305

SB2016020305 - Fedora 23 update for mingw-gnutls, mingw-nettle

Published: February 3, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016020305

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Security Features (CVE-ID: CVE-2015-8803)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.

2) Security Features (CVE-ID: CVE-2015-8804)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

3) Cryptographic issues (CVE-ID: CVE-2015-8805)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa00f0631d

SB2016020305 - Fedora 23 update for mingw-gnutls, mingw-nettle

Breakdown by Severity

Description

Remediation

References

Please verify you're human