1009 matches found
Fedora 18 : libgcrypt-1.5.3-1.fc18 (2013-13671)
Minor update from upstream fixing a moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
USN-1923-1: GnuPG, Libgcrypt vulnerability
Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys...
CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload...
GnuPG and Libgcrypt -- side-channel attack vulnerability
Werner Koch of the GNU project reports: Noteworthy changes in version 1.5.3: Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys... Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in th...
Scientific Linux Security Update : libgcrypt on SL5.0 - 5.3 i386/x86_64
gnutls-1.4.1-3.el5_4.8 is a moderate security update that required /usr/libm/libgcrypt.so.11 to have the symbol gcry_cipher_setkey. This is only available in the newer libgcrypt that was released with SL 5.4. This update updates libgcrypt in the older SL 5 releases so that the gnutls security update...
Fedora 13 : gnupg2-2.0.14-4.fc13 (2010-11413)
Fri Jul 23 2010 Rex Dieter - 2.0.14-4 - gpgsm realloc patch. Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 - initialize small amount of secmem for list of algorithms in help (598847), necessary in the FIPS mode of libgcrypt. Note that Tenable Network Security has extracted the preceding description block...
CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when...
Design/Logic Flaw
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when...
VLC Media Player < 0.8.6h Multiple Vulnerabilities
The version of VLC Media Player installed on the remote host reportedly includes versions of GnuTLS, libgcrypt, and libxml2 that are affected by various denial of service and buffer overflow vulnerabilities...