Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2023-1266)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2023-1266)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP (CVE-2021-40528)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP due to a flaw in GnuPG Libgcrypt. CVE-2021-40528. GnuPG Libgcrypt is used as part of the base image included in our service components. Please read the details for...

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificate...

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

NewStart CGSL MAIN 6.02 : libgcrypt Vulnerability (NS-SA-2022-0088)

The remote NewStart CGSL host, running version MAIN 6.02, has libgcrypt packages installed that are affected by a vulnerability: - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and t...

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to security restriction bypass due to CVE-2021-40528

Summary GnuPG Libgcrypt is provided as part of the base operating sysem in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to security restriction bypass. This bulletin provides patch information to address the...

libgcrypt bug fix and enhancement update

An update is available for libgcrypt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libgcrypt library provides general-purpose implementations of various...

libgcrypt: Multiple Vulnerabilities

Background libgcrypt is a general purpose cryptographic library derived out of GnuPG. Description Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

GLSA-202210-13 : libgcrypt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-13 libgcrypt: Multiple Vulnerabilities - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size i...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages Golang Go, libxml2, curl, expat ,libgcrypt and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details...

AlmaLinux 8 : libgcrypt (5311) (ALSA-2022:5311)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5311 advisory. - The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangero...

Oracle Linux 8 : libgcrypt (ELSA-2022-9564)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9564 advisory. 1.8.5-7fips - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations Orabug: 33081130 - Change Epoch from 1 to 10 1.8.5-7 - Fix CVE-2021-3356...

libgcrypt security update

1.8.5-7fips - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations Orabug: 33081130 - Change Epoch from 1 to 10 1.8.5-7 - Fix CVE-2021-33560 2018525...

libgcrypt security update

1.8.5-7 - Fix CVE-2021-33560 2018525...

Oracle Linux 8 : libgcrypt (ELSA-2022-5311)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5311 advisory. 1.8.5-7 - Fix CVE-2021-33560 2018525 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

RHEL 8 : libgcrypt (RHSA-2022:5311)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5311 advisory. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: ElGamal implementation...

libgcrypt: ElGamal implementation allows plaintext recovery

A flaw was found in libgcrypt's ElGamal implementation, where it allows plain text recovery. During the interaction between two cryptographic libraries, a certain combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

Moderate: Red Hat Security Advisory: libgcrypt security update

An update for libgcrypt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2022:5311 Moderate: libgcrypt security update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: ElGamal implementation allows plaintext recovery CVE-2021-40528 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...