EUVD-2014-3565

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-3591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to...

RHEL 5 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

RHEL 7 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

SUSE CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2020-1672)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2020-1498)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext...

EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2020-1400)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2695)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2695)

According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate...

DEBIAN-CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

Code injection

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

CVE-2014-3591

CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...

Gentoo Security Advisory GLSA 201408-10

Gentoo Linux Local Security Checks GLSA 201408-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

openSUSE Security Update : libgcrypt (openSUSE-2015-566)

This update fixes two security vulnerabilities bsc920057 : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache...

SUSE-SU-2015:1626-1 Security update for libgcrypt

This update fixes the following issues: Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. bsc920057 Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel Attack...

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2015:1179-1)

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption CVE-2014-3591 FIPS 140-2 related changes : - The library performs its self-tests when the module is complete the -hmac file is also...

SUSE-SU-2015:1179-1 Security update for libgcrypt

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption CVE-2014-3591 FIPS 140-2 related changes: The library performs its self-tests when the module is complete the -hmac file is also...

[slackware-security] gnupg

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/gnupg-1.4.19-i486-1slack14.1.txz: Upgraded. Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See...