Bugzilla – Bug 1118086
VUL-0: CVE-2018-16869: libnettle: nettle: Leaky data conversion exposing a manager oracle
Last modified: 2023-10-13 14:30:08 UTC
rh#1654930 Nettle is vulnerable to leaky data conversion exposing a manager oracle. References: https://bugzilla.redhat.com/show_bug.cgi?id=1654930
see bug 1117951 for the problem
The yesterday's release of libnettle fixes the issue: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
Submitted to Factory: https://build.opensuse.org/request/show/653877
Created attachment 792748 [details] Patch for SLE-15 Patch that contains the relevant commits from: https://git.lysator.liu.se/nettle/nettle/tree/release-3.4-fixes List of commits: c2fa92f5 b2654704 0266a5e3 98e309be 9cbfde38 4c5a4472 f554a317 9d4c4836 36d4b664 91da0846 bfda54ee c9a77562 245319f2 760dc943 01fa621a 8d38b6af 3f76113c af951c2d a287f1a9 eb4c86c4 f2bbbc28 dbaf6abb f9e3227f e6a16d16 898ce4be 07a31f84 6487ef7e 77bc04f8 128832dc 3170f3b4 1fe332ad
SUSE-SU-2018:4193-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1118086 CVE References: CVE-2018-16869 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): libnettle-3.4-4.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): libnettle-3.4-4.3.1 SUSE Linux Enterprise Module for Basesystem 15 (src): libnettle-3.4-4.3.1
openSUSE-SU-2018:4260-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1118086 CVE References: CVE-2018-16869 Sources used: openSUSE Leap 15.0 (src): libnettle-3.4-lp150.3.3.1
This is an autogenerated message for OBS integration: This bug (1118086) was mentioned in https://build.opensuse.org/request/show/670843 15.1 / libnettle
Due to the difficult nature of fixing the older SLE12 nettle, and its uncommon usage in SLE12 , we are currently not planning to fix this for SLE12 and older.