{"id":"MGASA-2021-0300","summary":"Updated nettle packages fix security vulnerabilities","details":"Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580).\n\nA flaw was found in Nettle in versions before 3.7.2, where several Nettle\nsignature verification functions (GOST DSA, EDDSA & ECDSA) result in the\nElliptic Curve Cryptography point (ECC) multiply function being called with\nout-of-range scalers, possibly resulting in incorrect results. This flaw\nallows an attacker to force an invalid signature, causing an assertion\nfailure or possible validation (CVE-2021-20305).\n\nThe Mageia 8 nettle package has been updated to version 3.7.3 and the Mageia 7\nnettle package has been patched to fix these issues.\n","modified":"2026-02-01T14:58:11.153176Z","published":"2021-06-29T17:31:40Z","related":["CVE-2021-20305","CVE-2021-3580"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0300.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28800"},{"type":"REPORT","url":"https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html"},{"type":"REPORT","url":"https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009545.html"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-4906-1"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-4990-1"}],"affected":[{"package":{"name":"nettle","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nettle?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.1-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0300.json"}},{"package":{"name":"nettle","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nettle?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0300.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}