24 matches found
SUSE CVE-2003-0971
GnuPG GPG 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature...
Debian DSA-3649-1 : gnupg - security update
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug...
DSA-3650-1 libgcrypt20 - security update
Bulletin has no description...
Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:120)
Updated python-pycrypto package fixes security vulnerability : PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute-force attacks to...
Gentoo Security Advisory GLSA 201206-23 (pycrypto)
The remote host is missing updates announced in advisory GLSA 201206-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Ubuntu Update for python-crypto USN-1484-1
Ubuntu Update for Linux kernel vulnerabilities USN-1484-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14841.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-crypto USN-1484-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : python-crypto vulnerability (USN-1484-1)
It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...
PYSEC-2012-16
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...
FreeBSD : ElGamal sign+encrypt keys created by GnuPG can be compromised (81313647-2d03-11d8-9355-0020ed76ef5a)
Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked. The following summary was written by Werner Koch, GnuPG author : Phong Nguyen identified a severe bug i...
Debian Security Advisory DSA 429-2 (gnupg)
The remote host is missing an update to gnupg announced via advisory DSA 429-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Core 1 : gnupg-1.2.3-2 (2003-025)
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys, when those keys are used both to sign and encrypt data. This vulnerability can be used to trivially recover the private key. While the default behavior of GnuPG when generating keys does not lead to the creation ...
RHEL 2.1 / 3 : gnupg (RHSA-2003:395)
Updated gnupg packages are now available for Red Hat Enterprise Linux. These updates disable the ability to generate ElGamal keys used for both signing and encrypting and disable the ability to use ElGamal public keys for encrypting data. GnuPG is a utility for encrypting data and creating digita...
[SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 429-2 [email protected] http://www.debian.org/security/ Matt Zimmerman February 13th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys
-------------------------------------------------------------------------- Debian Security Advisory DSA 429-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 26th, 2004 http://www.debian.org/security/faq -...
DSA-429 gnupg - cryptographic weakness
Bulletin has no description...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview Gnu Privacy Guard GnuPG is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing key untrustworthy. Description A...
CVE-2003-0971
GnuPG GPG 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature...
GnuPG: ElGamal signing keys compromised and format string vulnerability
Background GnuPG is a popular open source signing and encryption tool. Description Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used, but this is "a significant security failure which can lead to a compromise of almost all...
Important: Red Hat Security Advisory: : Updated gnupg packages disable ElGamal keys
Updated gnupg packages are now available for Red Hat Linux. These updates disable the ability to generate ElGamal keys used for both signing and encrypting and disable the ability to use ElGamal public keys for encrypting data. GnuPG is a utility for encrypting data and creating digital signature...
Important: Red Hat Security Advisory: gnupg security update
Updated gnupg packages are now available for Red Hat Enterprise Linux. These updates disable the ability to generate ElGamal keys used for both signing and encrypting and disable the ability to use ElGamal public keys for encrypting data. GnuPG is a utility for encrypting data and creating digita...