USN-4906-1: Nettle vulnerability

13 April 2021

Nettle could be made to crash or bypass signature verification if it opened a specially crafted certificate.

Releases

Packages

  • nettle - low level cryptographic library

Details

It was discovered that Nettle incorrectly handled signature verification.
A remote attacker could use this issue to cause Nettle to crash, resulting
in a denial of service, or possibly force invalid signatures.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References