Debian 10261 Published by

A nettle security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple vulnerabilities.



ELA-485-1 nettle security update

Package nettle
Version 2.7.1-5+deb8u3
Related CVEs CVE-2021-3580 CVE-2021-20305

Multiple vulnerabilities were discovered in nettle, a low level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures.

For Debian 8 jessie, these problems have been fixed in version 2.7.1-5+deb8u3.

We recommend that you upgrade your nettle packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-485-1 nettle security update