It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
A cache-related side channel was found in nettle's RSA and DSA decryption code. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
Created nettle tracking bugs for this issue:
Affects: fedora-all [bug 1362017]
Affects: epel-5 [bug 1362021]
Created mingw-nettle tracking bugs for this issue:
Affects: fedora-all [bug 1362018]
Affects: epel-7 [bug 1362022]
Created compat-nettle27 tracking bugs for this issue:
Affects: fedora-23 [bug 1362020]
As per: http://seclists.org/oss-sec/2016/q3/206 , the upstream fix has "some unintended side effects" and needs to be reviewed before being applied.
The upstream author has included sanity checks at the functions using mpz_powm_sec() to prevent crashes by invalid private keys. As such, the unintended side effects are no longer the case.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2582 https://rhn.redhat.com/errata/RHSA-2016-2582.html