
gnutls/nettle (CVE-2018-16868/CVE-2018-16869)



Hi,

I'm working on CVE-2018-16868/CVE-2018-16869, a side-channel attack that
affects gnutls and nettle, disclosed 2018-12, tagged low/local.

Unlike what I read in data/CVE/list, I understand that the nettle fix is
not just a new function - it's a rewrite of the RSA functions,
complemented by a new 'rsa_sec_decrypt' function.
https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
Consequently the diff is large, and based on a new major version
(conflicts, missing files).

I note that the patch was written by Red Hat (Simo Sorce), and that
gnutls is also maintained by a Red Hat employee (Nikos Mavrogiannopoulos).
Despite this, RHEL (all releases) issued a "Will not fix" for both:
https://access.redhat.com/security/cve/cve-2018-16869
https://access.redhat.com/security/cve/cve-2018-16868
It's not in EPEL either after 3 months:
https://bugzilla.redhat.com/show_bug.cgi?id=1654930
https://bugzilla.redhat.com/show_bug.cgi?id=1654929
https://apps.fedoraproject.org/packages/nettle
https://apps.fedoraproject.org/packages/gnutls

I see this as a strong signal that we should not attempt to backport the
fix, and go with a <no-dsa> (minor).

Alternatively we could upgrade nettle (libnettle4->libnettle6) which
doesn't break gnutls28's test suite, though it's likely to introduce
other issues (e.g. #789119).

Thoughts?

Cheers!
Sylvain

