Ubuntu 14.04 LTS / 16.04 LTS : GnuPG vulnerability (USN-3733-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3733-1 advisory. Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom...

Intel® SGX SDK and Intel® SGX Platform Software Updates

Summary: Intel® Software Guard Extensions Software Development Kit SDK and Platform Software PSW utilize the Intel® Integrated Performance Primitives Cryptography Library. Vulnerabilities in this cryptography library have been reported that may enable a local attacker running malware utilizing...

About the security content of macOS High Sierra 10.13.2 Supplemental Update - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

Vulnerability in OpenSSL - Side channel attack on modular exponentiation

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same...

Debian DSA-3073-1 : libgcrypt11 - security update

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

CentOS Update for gnupg CESA-2014:0016 centos5

Check for the Version of gnupg OpenVAS Vulnerability Test CentOS Update for gnupg CESA-2014:0016 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

Debian Security Advisory DSA 2821-1 (gnupg - side channel attack)

Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. OpenVAS Vulnerability Test $Id: deb2821.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2821-1...