A mistake in the computation of elliptic curve scalar multiplications was found in nettle. Oss-security reference: http://seclists.org/oss-sec/2016/q1/266 CVE assignment: http://seclists.org/oss-sec/2016/q1/273 Upstream fix: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
Fixed upstream in nettle 3.2: https://lists.gnu.org/archive/html/info-gnu/2016-01/msg00006.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2582 https://rhn.redhat.com/errata/RHSA-2016-2582.html