Debian Bug report logs - #985652
libnettle8: New upstream version fixes ECDSA signature verification issue
Report forwarded to debian-bugs-dist@lists.debian.org, ametzler@bebt.de, Magnus Holmgren <holmgren@debian.org>: Bug#985652; Package libnettle8. (Sun, 21 Mar 2021 12:18:03 GMT)
Acknowledgement sent to Andreas Metzler <ametzler@bebt.de>: New Bug report received and forwarded. Copy sent to ametzler@bebt.de, Magnus Holmgren <holmgren@debian.org>. (Sun, 21 Mar 2021 12:18:03 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libnettle8
Version: 3.7-2.1
Severity: important
Hello,
nettle 3.7.2 features the following fix:
| This is a bugfix release, fixing a bug in ECDSA signature
| verification that could lead to a denial of service attack
| (via an assertion failure) or possibly incorrect results. It
| also fixes a few related problems where scalars are required
| to be canonically reduced modulo the ECC group order, but in
| fact may be slightly larger.
|
| Upgrading to the new version is strongly recommended.
|
| Even when no assert is triggered in ecdsa_verify, ECC point
| multiplication may get invalid intermediate values as input,
| and produce incorrect results. It's trivial to construct
| alleged signatures that result in invalid intermediate values.
| It appears difficult to construct an alleged signature that
| makes the function misbehave in such a way that an invalid
| signature is accepted as valid, but such attacks can't be
| ruled out without further analysis.
A DSA is currently not planned. Please upgrade nettle for sid (and
bullseye) to 3.7.2.
FWIW I have forked the salsa repo and packaged the new version at
<https://salsa.debian.org/ametzler/nettle>. I have not sent a merge
request since Debian packaging involves multiple branches.
cu Andreas
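The requirement named in the quoted release note, that scalars be canonically reduced modulo the ECC group order, shown as an added example; this is not nettle's code and not part of the bug report. It assumes the NIST P-256 group order, and the function names (`scalar_is_canonical`, `scalar_canonicalize`, `ecdsa_rs_in_range`) are hypothetical.

```c
#include <stdint.h>

#define LIMBS 4

/* Group order n of NIST P-256, least significant 64-bit limb first. */
static const uint64_t P256_N[LIMBS] = {
    0xF3B9CAC2FC632551ULL, 0xBCE6FAADA7179E84ULL,
    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFF00000000ULL
};

/* out = a - b mod 2^256; returns the final borrow (1 when a < b). */
static uint64_t sub_borrow(uint64_t out[LIMBS], const uint64_t a[LIMBS],
                           const uint64_t b[LIMBS])
{
    uint64_t borrow = 0;
    for (int i = 0; i < LIMBS; i++) {
        uint64_t d = a[i] - b[i];
        uint64_t next = (uint64_t)(a[i] < b[i]) | (uint64_t)(d < borrow);
        out[i] = d - borrow;
        borrow = next;
    }
    return borrow;
}

/* Returns 1 when 0 <= x < n, i.e. x is canonically reduced. */
int scalar_is_canonical(const uint64_t x[LIMBS])
{
    uint64_t t[LIMBS];
    return (int)sub_borrow(t, x, P256_N);
}

/* Reduces any 256-bit x into [0, n). One conditional subtraction is enough
   because n > 2^255, so every 256-bit value is below 2n. */
void scalar_canonicalize(uint64_t x[LIMBS])
{
    uint64_t t[LIMBS];
    uint64_t keep = 0 - sub_borrow(t, x, P256_N); /* all ones when x < n */
    for (int i = 0; i < LIMBS; i++)
        x[i] = (x[i] & keep) | (t[i] & ~keep);
}

/* ECDSA verification precondition: reject unless 1 <= r, s <= n - 1. */
int ecdsa_rs_in_range(const uint64_t r[LIMBS], const uint64_t s[LIMBS])
{
    uint64_t r_any = r[0] | r[1] | r[2] | r[3];
    uint64_t s_any = s[0] | s[1] | s[2] | s[3];
    return r_any && s_any && scalar_is_canonical(r) && scalar_is_canonical(s);
}
```

A 256-bit message digest interpreted as an integer can be at or above n, so a verifier has to canonicalize it, and reject out-of-range r or s, before the value reaches code that assumes a reduced scalar.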
Information forwarded to debian-bugs-dist@lists.debian.org, Magnus Holmgren <holmgren@debian.org>: Bug#985652; Package libnettle8. (Thu, 01 Apr 2021 07:06:02 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Magnus Holmgren <holmgren@debian.org>. (Thu, 01 Apr 2021 07:06:03 GMT)
Message #10 received at 985652@bugs.debian.org:
Hi,
On Sun, Mar 21, 2021 at 01:14:00PM +0100, Andreas Metzler wrote:
> Package: libnettle8
> Version: 3.7-2.1
> Severity: important
>
> Hello,
>
> nettle 3.7.2 features the following fix:
>
> | This is a bugfix release, fixing a bug in ECDSA signature
> | verification that could lead to a denial of service attack
> | (via an assertion failure) or possibly incorrect results. It
> | also fixes a few related problems where scalars are required
> | to be canonically reduced modulo the ECC group order, but in
> | fact may be slightly larger.
> |
> | Upgrading to the new version is strongly recommended.
> |
> | Even when no assert is triggered in ecdsa_verify, ECC point
> | multiplication may get invalid intermediate values as input,
> | and produce incorrect results. It's trivial to construct
> | alleged signatures that result in invalid intermediate values.
> | It appears difficult to construct an alleged signature that
> | makes the function misbehave in such a way that an invalid
> | signature is accepted as valid, but such attacks can't be
> | ruled out without further analysis.
>
> A DSA is currently not planned. Please upgrade nettle for sid (and
> bullseye) to 3.7.2.
>
> FWIW I have forked the salsa repo and packaged the new version at
> <https://salsa.debian.org/ametzler/nettle>. I have not sent a merge
> request since Debian packaging involves multiple branches.
FTR, the security issue part has been assigned CVE-2021-20305. Cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1942533 .
Regards,
Salvatore
Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 01 Apr 2021 07:06:04 GMT)
Last modified: Thu Apr 1 08:05:38 2021