Ubuntu Security Notice USN-2897-1 15th February, 2016 nettle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Nettle. Software description nettle – low level cryptographic library (public-key cryptos) Details Hanno Böck discovered that Nettle incorrectly handled carry propagation inthe NIST P-256 elliptic curve. (CVE-2015-8803) Hanno Böck discovered that Nettle incorrectly handled carry propagation inthe NIST P-384 elliptic curve. (CVE-2015-8804) Niels Moeller discovered that Nettle incorrectly handled carry propagationin the NIST P-256 elliptic curve. (CVE-2015-8805) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnettle6 3.1.1-4ubuntu0.1 Ubuntu 14.04 LTS: libnettle4 2.7.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 Source: [ more… ]