Security
Security
Multiple denial of service vulnerabilities have been discovered in Nettle.
| Package | dev-libs/nettle on all architectures |
|---|---|
| Affected versions | < 3.9.1 |
| Unaffected versions | >= 3.9.1 |
Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.
Multiple vulnerabilities have been discovered in Nettle. Please review the CVE identifiers referenced below for details.
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
There is no known workaround at this time.
All Nettle users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.9.1"