vulnerability
Oracle Linux: CVE-2016-6489: ELSA-2016-2582: nettle security and bug fix update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jun 20, 2016 | Nov 9, 2016 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jun 20, 2016
Added
Nov 9, 2016
Modified
Dec 3, 2025
Description
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
Solutions
oracle-linux-upgrade-nettleoracle-linux-upgrade-nettle-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.