20 matches found
Mageia: Security Advisory (MGASA-2013-0382)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2014-0016)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SOL16396 - GnuPG vulnerability CVE-2013-4576
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
Code injection
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...
Fedora Update for gnupg FEDORA-2014-7676
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for gnupg FEDORA-2013-23603
Check for the Version of gnupg OpenVAS Vulnerability Test Fedora Update for gnupg FEDORA-2013-23603 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
Medium: gnupg
Issue Overview: GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE:...
Scientific Linux Security Update : gnupg on SL5.x i386/x86_64 (20140108)
It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system. CVE-2013-4576 %NASLMINLEVEL 70300 C Tenable Network...
CentOS 5 : gnupg (CESA-2014:0016)
An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Oracle Linux 5 : gnupg (ELSA-2014-0016)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-0016 advisory. 1.4.5-18.1 - fix CVE-2013-4576 acoustic side channel attack on RSA private keys Tenable has extracted the preceding description block directly from the Oracle...
Moderate: Red Hat Security Advisory: gnupg security update
An updated gnupg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Fedora Update for gnupg FEDORA-2013-23678
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : gnupg-1.4.16-2.fc19 (2013-23615)
What's New =========== - Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See .CVE-2013-45 76 - Put only the major version number by default into armored output. - Do not create a trustdb file if --trust-model=always is used....
CVE-2013-4576
GnuPG 1.x before 1.4.16 is vulnerable to a side-channel attack during RSA key handling. The issue arises from sequences of introductions with certain patterns that enable a local attacker to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. The impact i...
MGASA-2013-0382 Updated gnupg package fixes CVE-2013-4576
Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...
Mandriva Linux Security Advisory : gnupg (MDVSA-2013:295)
A vulnerability has been discovered and corrected in gnupg : Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576. The updated packages have been patched to correct...
FreeBSD : gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack (2e5715f8-67f7-11e3-9811-b499baab0cbe)
Werner Koch reports : CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...
[SECURITY] [DSA 2821-1] gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2821-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst December 18, 2013 http://www.debian.org/security/faq -...
CVE-2013-4576
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...